Thread-topic: AD Accounts as Administrators for Macs?
All you need to do is put the admin groups in the Active Directory Plug-in.
Open Directory Access, Configure Active Directory, click the Administrative
tab, check "Allow administration by:", and add your admin groups here.
Re-binding should not be necessary.
Or use the command line option
dsconfigad -groups 'domain admins'
This is a client side change. If you have ARD you could do this to all of
them at once.
stevan
On 07/21/06 9:02 AM, "David Rocamora" <email@hidden> wrote:
> I'm in a place that's mostly Windows and uses Active Directory for
> everything. We have a magic triangle setup here with our Open Directory. We
> netboot 90% of our Macs.
>
> Up until a few months ago we had a local administrator account in our
> netboot images and our locally installed Macs. When one of the helpdesk
> staff needed to work on a machine they would use this shared password. This
> began to cause us trouble because it became more difficult to change the
> password in the netboot and on all of the local installed machines. For this
> reason we migrated to using an Active Directory account. The account is
> configured in Directory Access to be an administrator and I edit
> /etc/sudoers to allow the account to sudo.
>
> This is working fine but I've been asked to eliminate the use of shared
> accounts. I'd like to be able to make a group of users administrators on the
> Macs with sudo access without having to edit /etc/sudoers for every single
> member of the group. Is there a way I can make an OD group administrators
> and then nest an AD group inside of it? Is there another solution for this?
>
> Thanks in advance.
>
> David Rocamora Systems Administrator
>
> This message is the property of R/GA and contains information which may be
> privileged or confidential. It is meant only for the intended recipients
> and/or their authorized agents. If you believe you have received this message
> in error, please notify us immediately by return e-mail or by forwarding this
> message to email@hidden, and destroy any printed or electronic copies of
> the message. Any unauthorized use, dissemination, disclosure, or copying of
> this message or the information contained in it, is strictly prohibited and
> may be unlawful. Thank you.
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Client-management mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
> http://lists.apple.com/mailman/options/client-management/email@hidden
>
> This email sent to email@hidden
Stevan
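
An added example, not part of the original thread: once admin rights come from a directory group, a sudoers file can be audited for leftover per-user entries like the one the question describes. It assumes the stock macOS rule `%admin ALL=(ALL) ALL` is what gives admin-group members sudo; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sudoers file once admin rights come from a directory group.

# Constructed sample input, not taken from a real machine.
sample_sudoers() {
cat <<'EOF'
# sudoers file (constructed sample)
Defaults env_reset
root     ALL=(ALL) ALL
%admin   ALL=(ALL) ALL
helpdesk ALL=(ALL) ALL
jdoe     ALL=(ALL) NOPASSWD: ALL
EOF
}

# has_group_rule FILE GROUP: succeeds if FILE grants something to %GROUP.
has_group_rule() {
    awk -v g="%$2" '$1 == g && /=/ { found = 1 } END { exit !found }' "$1"
}

# per_user_grants FILE: print each non-root user that has an individual grant.
per_user_grants() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }  # settings and alias definitions
        $1 ~ /^%/ || $1 == "root" { next }           # group rules and root
        /=/ { print $1 }
    ' "$1"
}

# audit_sudoers FILE [GROUP]: report the group rule and leftover per-user grants.
audit_sudoers() {
    file=$1; group=${2:-admin}
    if has_group_rule "$file" "$group"; then
        echo "OK: %$group rule present"
    else
        echo "MISSING: %$group rule"; return 1
    fi
    users=$(per_user_grants "$file" | tr '\n' ' ')
    [ -z "$users" ] || echo "Per-user grants to review: $users"
}

# Demo run on the constructed sample.
tmp=$(mktemp); sample_sudoers > "$tmp"
audit_sudoers "$tmp" admin
rm -f "$tmp"
```

Run it against a copy of the real file (`audit_sudoers /path/to/copy admin`); any user it lists holds sudo rights independent of group membership and would keep them after being removed from the admin group.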