Re: [Rockies-Edu] Setting preferences for AD users in WGM
Re: [Rockies-Edu] Setting preferences for AD users in WGM
- Subject: Re: [Rockies-Edu] Setting preferences for AD users in WGM
- From: Chery Bradley <email@hidden>
- Date: Thu, 7 Jan 2010 10:43:26 -0700
- Acceptlanguage: en-US
- Thread-topic: [Rockies-Edu] Setting preferences for AD users in WGM
Title: Re: [Rockies-Edu] Setting preferences for AD users in WGM
Thank you so much. A silly oversight on my part that would have taken me a really long time to figure out.
chery
On 1/6/10 3:30 PM, "Corey Carson" <email@hidden> wrote:
Hi Cheryl,
What are the settings on the AD plugin for those Mac clients? In Directory Utility, look in the advanced options of the AD plugin.
You probably have both "Create mobile account at login" and "Require confirmation before creating a mobile account" checked. Those come from your local AD plugin, and will be honored even if nothing is set in WGM. Best practice is to keep your AD users in groups, and then nest those groups inside Open Directory groups. If I had an AD group called students_2010, then I'd make one in OD called od_students_2010, and so on. See if setting it at the workgroup level on an OD group gets you the desired results, and be sure to nest the AD group inside of that managed OD group.
Anytime you get an error in WGM that doesn't explain itself (which is most), crank up Terminal and type dserr followed by the number. It will shed a bit more light on the issue.
CC-MBP-15:~ carson$ dserr -14140
-14140: eDSNoStdMappingAvailable
This means that you don't have permission to modify the settings. I'm guessing that you didn't login to WGM as an AD admin. In a triangle setup, you should be able to use OD's diradmin account and create those OD groups, use the nesting, and never bother with AD modification in WGM.
Hope this helps!
Corey
----------------
Corey Carson
Systems Engineer
Apple - Higher Education
Colorado, Wyoming and Montana
303.378.7193
800.800.2775 (Tier 1 Tech Support)
866.752.7753 (Tier 2 Tech Support)
Rockies-edu listserve:
http://bit.ly/rockies-edu/
----------------
On Jan 6, 2010, at 1:36 PM, Chery Bradley wrote:
Hi all and happy new year.
Here’s another server type question for the group...
I have a “golden triangle” setup using Active Directory and Open Directory using a brand new leopard server 10.5.8 and mac workstations running leopard 10.5.8. My students are AD users with their home directories on the AD server. The workstations are bound to the AD server.
Here’s the issue: When I am in Workgroup Manager I am able to create workgroups for my AD users and pull them into the group. There are NO preferences set for any of the groups or the workstations. Yet when a user logs in they are asked if they want to create a mobile account – NO, I don’t want that. So I went back into WGM and checked out an AD user. They seem to come with preferences from the AD side. They have mobile preferences set that are requiring that they create mobile users. When I go to adjust that preference in WGM I get a Error: -14140 when trying to save the preference. It is obvious that I can’t adjust that preference through WGM. My system admin and I don’t know how to get that preference to stop from either the OD or the AD side.
Your wonderful expertise is always appreciated.
Thanks,
Chery
--
Chery Bradley
Enrichment and Technology Teacher
Telluride Elementary School
Telluride, Colorado
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Rockies-edu mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden