On Tue, May 26, 2009 at 10:10 AM, Matt Christy
<email@hidden> wrote:
> Hi,
> Recently one of my OS X Servers has been having trouble with AD bindings. Whenever I reboot the server, for whatever reason, it no longer recognizes that it's bound to my AD Domain. To remedy the issue, I usually have to unbind it, remove its OO from the OU in AD, re-bind the server, and then reboot. After the reboot it sees AD groups and users again. The problem is that if I have to reboot it again for any reason (updates, etc.) I have to do this whole song and dance again. dscl reports nothing in the AD tree when I attempt to browse. System time is sync'd with my NTP, so they're all on the same clock.
> I have two other OS X servers bound and configured the same way, on the same network, and they don't seem to have a problem. Has anyone else been experiencing anything like this?
Do you have any messages in your system.log about not being able to change the machine password? If so, this server might be in an OU that is not allowing machine password changes for whatever reason. You can also take a look at the tail end of /L/P/DS/ActiveDirectory.plist and you should see something like:
<key>Password Change Date</key>
<string>2009-05-29 17:14:57 -0400</string>
If that date is in the past, it probably means it wasn't able to change the password.
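
The check described in the reply above, as an added example that is not part of the original thread: it reads the "Password Change Date" value from a plist and reports whether that date has already passed. The sample plist is constructed, the position of the key inside the file is an assumption (so the code searches for it), and the function names are hypothetical.

```python
import plistlib
from datetime import datetime, timezone

KEY = "Password Change Date"  # key name as quoted in the reply above

# Constructed sample, not a real configuration file; only the key/value pair
# is taken from the message, the surrounding structure is assumed.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Password Change Date</key>
    <string>2009-05-29 17:14:57 -0400</string>
</dict>
</plist>
"""

def find_key(node, key):
    """Depth-first search, since the nesting level of the key is assumed."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_key(child, key)
            if found is not None:
                return found
    return None

def password_change_status(plist_bytes, now=None):
    """Return (status, change_date); status is 'pending', 'overdue' or 'missing'."""
    now = now or datetime.now(timezone.utc)
    value = find_key(plistlib.loads(plist_bytes), KEY)
    if value is None:
        return "missing", None
    if isinstance(value, datetime):  # a <date> element: plistlib yields naive UTC
        when = value.replace(tzinfo=timezone.utc)
    else:  # a <string> element in the format shown in the message
        when = datetime.strptime(value, "%Y-%m-%d %H:%M:%S %z")
    return ("overdue" if when < now else "pending"), when

if __name__ == "__main__":
    status, when = password_change_status(SAMPLE_PLIST)
    print(status, when)
```

Run against a copy of the server's ActiveDirectory.plist, an "overdue" result corresponds to the "date is in the past" case in the reply.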