Re: [Rockies-Edu] Basic AD/OD Triangle Question
Re: [Rockies-Edu] Basic AD/OD Triangle Question
- Subject: Re: [Rockies-Edu] Basic AD/OD Triangle Question
- From: "Michael T. Scott" <email@hidden>
- Date: Thu, 12 Aug 2010 14:18:20 -0600
Hi Chuck,
Check out the dual directory and MCX videos at http://www.apple.com/education/resources/information-technology.html
You can do this a couple ways, depending on if you want to manage MCX settings with computer accounts or with user groups.
Scenario 1:
Do not bind OS X Server to AD, promote to OD master
Create computer groups and assign MCX
Bind client to AD first
Bind client to OD second
Scenario 2:
Bind OS X Server to AD first
Promote OS X Server to OD master
Drag AD users into OD groups that you create and assign MCX
Bind client to AD first
Bind Client to OD second
In both scenarios the clients authenticate directly to AD.
In the first scenario the OS X Server does not need to be bound to AD to manage MCX for computer groups.
In the second scenario the OS X Server needs to be bound to AD in order to create OD groups of AD users, and to assign MCX to the OD groups.
-Mike
On Aug 11, 2010, at 2:01 PM, Hoffmann, Chuck wrote:
> When I bind my clients to OD and AD my authentication search policy is set to Open Directory followed by Active Directory. So, the clients are authenticating primarily to the Open Directory server which has the AD credentials. Are the clients binded to AD just as a backup; so that if the OD server goes down the clients can still authenticate directly to AD?
>
> Thanks for any help; I have a Sys Admin that is insisting that the OSX server does not have to be bound to AD, just the clients need to be bound to AD and OD. If I understand correctly, this setup would not allow the clients to retrieve the Workgroup Manager settings. _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Rockies-edu mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Rockies-edu mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden