Active Directory and Mobile computer with 10.8.4
I've managed to get our Power Book (first mac on network) on AD domain, it was a labor of love,
I have gotten everything working smooth, Volumes mounted with and without Alias, but the last thing I am trying to configure is Mobile Computing,
so a user can work off the Network and have it Sync when he logs back in. Mobile computer pulls the UNC from AD fine and mounts his home directory, however it does not sync to his home directory on the network...
I am sure I am missing something silly, but right now my brain is fried... Any help please?
Got it, thanks guys works pretty well too... I don't know why it wasn't working before, AD integration is still strange.
Similar Messages
-
10.6 home directory mounting with active directory and open directory integration
Hi guys, I am having some issues in my new Mac environment. I have a Windows network with a Server 2008 Active Directory. I have just recently created a "magic triangle" setup with Active Directory and Open Directory. When my users log in via Windows their home folders mount perfectly. When any user logs in to any iMac in the building it does not work. They log in perfectly fine, but their home folders do not mount. When I try mounting them manually with SMB, I get a prompt for credentials. I am thinking this is my issue: my single sign-on with Kerberos is working but for some reason is not logging in correctly. If I type in my credentials with my domain first then my name it works.
For example DOMAIN\jsmith works, but the way I think the Mac and Active Directory are doing it now is just jsmith without the DOMAIN.
I feel like this is the problem with the home folders not mounting.
Can anyone provide some help with this?
Thanks,
Dani
Hi dani190,
are you using the fully qualified domain name of the network server? ie if your server is bob. and your domain is domain.company.com. then the FQDNS would typically be bob.domain.company.com or bob.company.com.
If the FQDNS works, then have you checked in the AD to make sure the path to the network home folder uses the FQDNS?
For the contact search path, did you put the AD at the top the list? (in directory utility)
Did you set the WINS work group on your client computer to your domain?
ie:Apple Menu, System Preferences, Network, Active Network Port (ethernet and or airport) , Advanced Button, WINS Tab, set workgroup to the name of your domain. ie domain.company.com and or company.com -
Active Directory - SharePoint Replication Problem with User Information
Hi, we have an implementation of SharePoint 2010 stand-alone server. When we started to work on this server, we added the users from the Active Directory services implemented in our company. These users had information like the email and department. When I add one user to SharePoint, SharePoint imports all of the user's information.
The problem is when I change the email information for the user in Active Directory, this information doesn't replicate to SharePoint. The user has the new email in Active Directory and the old email in SharePoint.
How can I replicate all the new information from the user to SharePoint?
I hope someone can help me..
thanks.
Standalone installations of SharePoint do not support the User Profile Sync Service. You'll want to use a farm installation for that functionality.
Are you using SharePoint Foundation, Standard, or Enterprise? The UPSS only comes with Standard and Enterprise.
Trevor Seward
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Open Directory and Mobile Home Folders
Hi All,
I am a bit confused about Open Directory and Mobile Accounts! Here is our scenario. We have an Open Directory setup and all accounts are set to mobile; there are almost 250+ accounts. My main problem is the synchronization conflicts: the accounts are automated to sync every 30 mins, and every now and then a synchronization conflict window pops up, and our users are complaining almost every time. Another problem is that all of the users' home folders have a quota of 5GB, but there are users who exceed the quota; some go up to 60GB and 100GB. How do I solve these two problems? I am about to lose my mind. We set it up like this in order to have a backup of all the users' files in case a problem arises on the workstation. I have noticed that a file syncing error comes up if you have temporary files used by any applications. The home folder of each user will exclude Library, Trash, Music and the Entourage database. Please do help me!!! Anyone who knows..?
Environment
OD Server - MacOS X Server Tiger 10.4.4
Workstations - mix MacOS X Tiger 10.4.4 - 10.4.7
AFP Home Folder - MacOS X Server Tiger 10.4.6 mounted Xsan Volume for home folders
johnaris
PLEASE HELP!
Thanks for the info, by now I will look into that little utility that is very helpful (Console!)
Yes, I was thinking of syncing our users at login and logout. The problem here is that users here have bigger home folders, mostly about 3GB, and it will take time to log in a user, about 6-10 mins, depending on the network; we have network users that have slow networks and fast networks for the video editing users. What I did is that I excluded the Library in the sync options on each unit here, since we are not using Apple's Mail and iCal. It did minimize the syncing errors, but the temp files and date discrepancies are mostly what will generate an error. I am really having problems with this.
thanks for the info i really appreciate it. -
User synchronization issue between Active Directory and Solution manager.
Requirement:
Synchronize the users between Active directory and solution manager system.
What we did:
1. Created RFC connection (LDAP_RFC) for LDAP connector.
2. Created new LDAP connector that utilize the RFC (LDAP_RFC).
3. Created new logical LDAP Server(CUA).Here we have to maintain the connection
details to the physical directory.
4. We maintained the communication user that is used by the LDAP connector to bind the LDAP Directory Server.
5. In transaction LDAPMAP specific SAP data fields, we mapped to the desired
directory attributes.
6. Testing from LDAP transaction working fine. We are able to see the attributes and
values from Active directory.
Issue:
When executed the program RSLDAPSYNC_USER for user synchronization from t-code se38 with the selection below.
LDAP Server = CUA (created earlier)
LDAP Connector = LDAP_RFC (RFC connection created earlier)
In the tab: (Objects that exist both in the Directory and in the Database)
Selected: Compare Time Stamp.
In the tab: (Objects that only exist in the Directory)
Selected: Create in Database.
In the tab: (Objects that only exist in the Database)
Selected: Ignore Object.
Result from the report shows that connection to LDAP server is fine and 0(zero) objects in Directory.
The program does not create any new user in the Solution Manager system.
Any help on this issue greatly appreciated.
Thanks & Regards,
Harish
Where did you see this error? Are there any more details?
I think the account you are using for sync does not have the Replicate Directory Changes permission in AD. Follow the article below and give the Replicate Directory Changes permission.
http://technet.microsoft.com/en-us/library/hh296982(v=office.15).aspx
Thanks, Noddy -
Store signature image in Active Directory and deploy it to each users desktop
What I am trying to achieve is to have each user a hand written signature scanned in and stored in the .jpgPhoto attribute in Active Directory and then have some sort of script, like our login script, pull that information and copy the file to the users
desktop. We are wanting to be able to allow users to apply the signature image on a signature line in Office 2010 or InfoPath forms instead of typing their name. I know there has to be a way to do this but I have not found it yet and I am
not very good at scripting. Is there anyone here that has accomplished such a task and if so, how did you go about doing it?
David Hood
We already have Outlook email signatures created from AD information deployed to all users. Someone else on my team deployed that already and it works great. But that is just basic user info pulled from fields that were manually entered in
the user account. What I want to do is have a user scribble their signature on a piece of paper or a tablet, capture an image of that to crop and resize to store in the AD user account or somewhere secure that can be queried to be pushed to that users
desktop. I work at a state government agency and I have heard of another agency doing this but I have no idea how they did it. The only thing I could think of is to have a script ran during login to query the AD attribute the image is stored in,
pull it and then copy it to the users machine so when they sign a word document or .PDF with a digital signature they also have the option to place that image in the signature line.
David Hood -
How to manage Active directory and tools to manage Active Directory
How to manage Active directory and which tools we use?
You can use Microsoft Active Directory management tools:
http://technet.microsoft.com/en-us/library/aa998508(EXCHG.65).aspx
Overview of Server Message Block signing
http://support.microsoft.com/kb/887429/en-us
Remote Server Administration Tools for Windows 7:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d&displaylang=en
AD Admin Center:
http://technet.microsoft.com/en-us/library/dd560651(WS.10).aspx
http://technet.microsoft.com/en-us/library/dd560652(WS.10).aspx
Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights. -
Exporting Active directory users to excel with conditions
I'm trying to export AD users with selected fields out to a spreadsheet, with the condition that the employeeid field is greater than 99999. I found a VBScript elsewhere on this site that does everything I need, even filtering on the employeeid field, except that when it exports to the spreadsheet the employeeid field comes back as if it's blank. But I know it's not, as it will do the filtering correctly. Below is the script I've been using. As I said, it will correctly list all users with employeeid greater than 5 digits but it just won't export the actual employeeid field
    Dim ObjWb
    Dim ObjExcel
    Dim x, zz
    Set objRoot = GetObject("LDAP://RootDSE")
    strDNC = objRoot.Get("DefaultNamingContext")
    Set objDomain = GetObject("LDAP://" & strDNC) ' Bind to the top of the Domain using LDAP using ROotDSE
    Call ExcelSetup("Sheet1") ' Sub to make Excel Document
    x = 1
    Call enummembers(objDomain)
    Sub enumMembers(objDomain)
        On Error Resume Next
        Dim Secondary(20) ' Variable to store the Array of 2ndary email alias's
        For Each objMember In objDomain ' go through the collection
            if ObjMember.EmployeeID > 199999 Then 'if employee id greater than 199999 then add to spreadsheet (meaning physician)
                x = x +1 ' counter used to increment the cells in Excel
                ' I set AD properties to variables so if needed you could do Null checks or add if/then's to this code
                ' this was done so the script could be modified easier.
                SamAccountName = ObjMember.samAccountName
                FirstName = objMember.GivenName
                LastName = objMember.sn
                EmployeeID = ojbMember.employeeID
                EmailAddr = objMember.mail
                Addr1 = objMember.streetAddress
                Title = ObjMember.Title
                Department = objMember.Department
                ' Write the values to Excel, using the X counter to increment the rows.
                objwb.Cells(x, 1).Value = EmployeeID
                objwb.Cells(x, 2).Value = SamAccountName
                objwb.Cells(x, 3).Value = FirstName
                objwb.Cells(x, 4).Value = LastName
                objwb.Cells(x, 5).Value = EmailAddr
                objwb.Cells(x, 6).Value = Addr1
                objwb.Cells(x, 7).Value = Title
                objwb.Cells(x, 8).Value = Department
                ' Write out the Array for the 2ndary email addresses.
                For ll = 1 To 20
                    objwb.Cells(x,26+ll).Value = Secondary(ll)
                Next
                ' Blank out Variables in case the next object doesn't have a value for the property
                EmployeeID = "-"
                SamAccountName = "-"
                FirstName = "-"
                LastName = "-"
                EmailAddr = "-"
                Addr1 = "-"
                Title = "-"
                Department = "-"
                For ll = 1 To 20
                    Secondary(ll) = ""
                Next
            End If
            ' If the AD enumeration runs into an OU object, call the Sub again to itinerate
            If objMember.Class = "organizationalUnit" or OBjMember.Class = "container" Then
                enumMembers (objMember)
            End If
        Next
    End Sub
    Sub ExcelSetup(shtName) ' This sub creates an Excel worksheet and adds Column heads to the 1st row
        Set objExcel = CreateObject("Excel.Application")
        Set objwb = objExcel.Workbooks.Add
        Set objwb = objExcel.ActiveWorkbook.Worksheets(shtName)
        Objwb.Name = "Active Directory Users" ' name the sheet
        objwb.Activate
        objExcel.Visible = True
        objwb.Cells(1, 1).Value = "EmployeeID"
        objwb.Cells(1, 2).Value = "SAMAccountName"
        objwb.Cells(1, 3).Value = "FirstName"
        objwb.Cells(1, 4).Value = "LastName"
        objwb.Cells(1, 5).Value = "Email"
        objwb.Cells(1, 6).Value = "Addr1"
        objwb.Cells(1, 7).Value = "Title"
        objwb.Cells(1, 8).Value = "Department"
    End Sub
    MsgBox "User dump has completed.", 64, "AD Dump" ' show that script is complete
Here is a test version
    Set xl = CreateObject("Excel.Application")
    xl.Visible = True
    Set wb = xl.Workbooks.Add()
    Set sheet = wb.Worksheets("sheet1")
    sheet.Name = "Active Directory Users"
    i = 1
    With sheet
        .Cells(i, 1).Value = "EmployeeID"
        .Cells(i, 2).Value = "SAMAccountName"
        .Cells(i, 3).Value = "FirstName"
        .Cells(i, 4).Value = "LastName"
        .Cells(i, 5).Value = "Email"
        .Cells(i, 6).Value = "Addr1"
        .Cells(i, 7).Value = "Title"
        .Cells(i, 8).Value = "Department"
    End With
    Set users = GetADUsers()
    While Not users.EOF
        i = i + 1
        With sheet
            .Cells(i, 1).Value = users("employeeID")
            .Cells(i, 2).Value = users("samAccountName")
            .Cells(i, 3).Value = users("GivenName")
            .Cells(i, 4).Value = users("sn")
            .Cells(i, 5).Value = users("mail")
            .Cells(i, 6).Value = users("streetAddress")
            .Cells(i, 7).Value = users("Title")
            .Cells(i, 8).Value = users("Department")
        End With
        users.MoveNext
    Wend
    Function GetADUsers()
        Set rootDSE = GetObject("LDAP://RootDSE")
        base = "<LDAP://" & rootDSE.Get("defaultNamingContext") & ">"
        filt = "(&(objectClass=user)(objectCategory=Person))"
        attr = "employeeid,SAMAccountName,mail,GivenName,sn,streetAddress,Title,Department"
        scope = "subtree"
        Set conn = CreateObject("ADODB.Connection")
        conn.Provider = "ADsDSOObject"
        conn.Open "Active Directory Provider"
        Set cmd = CreateObject("ADODB.Command")
        Set cmd.ActiveConnection = conn
        cmd.CommandText = base & ";" & filt & ";" & attr & ";" & scope
        Set GetADUsers = cmd.Execute()
    End Function
¯\_(ツ)_/¯ -
JNDI, Active Directory and Persistent Searches (part 2)
The original post of this title which was located at http://forum.java.sun.com/thread.jspa?threadID=578342&tstart=200 subsequently disappeared into the ether (as with many other posts).
By request I am reposting the sample code which demonstrates receiving notifications of object changes on the Active Directory.
Further information on both the Active Directory and dirsynch and ldap notification mechanisms can be found at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/overview_of_change_tracking_techniques.asp
    /**
     * ldapnotify.java
     * December 2004
     * Sample JNDI application that uses AD LDAP Notification Control.
     */
    import java.util.Hashtable;
    import java.util.Enumeration;
    import javax.naming.*;
    import javax.naming.ldap.*;
    import javax.naming.directory.*;

    class NotifyControl implements Control {
        public byte[] getEncodedValue() {
            return new byte[] {};
        }
        public String getID() {
            return "1.2.840.113556.1.4.528";
        }
        public boolean isCritical() {
            return true;
        }
    }

    class ldapnotify {
        public static void main(String[] args) {
            Hashtable env = new Hashtable();
            String adminName = "CN=Administrator,CN=Users,DC=antipodes,DC=com";
            String adminPassword = "XXXXXXXX";
            String ldapURL = "ldap://mydc.antipodes.com:389";
            String searchBase = "DC=antipodes,DC=com";
            //For persistent search can only use objectClass=*
            String searchFilter = "(objectClass=*)";
            env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
            //set security credentials, note using simple cleartext authentication:
            //over ldap:// on port 389 the password crosses the network unencrypted
            env.put(Context.SECURITY_AUTHENTICATION,"simple");
            env.put(Context.SECURITY_PRINCIPAL,adminName);
            env.put(Context.SECURITY_CREDENTIALS,adminPassword);
            //connect to my domain controller
            env.put(Context.PROVIDER_URL,ldapURL);
            try {
                //bind to the domain controller
                LdapContext ctx = new InitialLdapContext(env,null);
                // Create the search controls
                SearchControls searchCtls = new SearchControls();
                //Specify the attributes to return
                String returnedAtts[] = null;
                searchCtls.setReturningAttributes(returnedAtts);
                //Specify the search scope
                searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                //Specify the search time limit, in this case unlimited
                searchCtls.setTimeLimit(0);
                //Request the LDAP Persistent Search control
                Control[] rqstCtls = new Control[]{new NotifyControl()};
                ctx.setRequestControls(rqstCtls);
                //Now perform the search
                NamingEnumeration answer = ctx.search(searchBase,searchFilter,searchCtls);
                SearchResult sr;
                Attributes attrs;
                //Continue waiting for changes....forever
                while(true) {
                    System.out.println("Waiting for changes..., press Ctrl C to exit");
                    sr = (SearchResult)answer.next();
                    System.out.println(">>>" + sr.getName());
                    //Print out the modified attributes
                    //instanceType and objectGUID are always returned
                    attrs = sr.getAttributes();
                    if (attrs != null) {
                        try {
                            for (NamingEnumeration ae = attrs.getAll();ae.hasMore();) {
                                Attribute attr = (Attribute)ae.next();
                                System.out.println("Attribute: " + attr.getID());
                                for (NamingEnumeration e = attr.getAll();e.hasMore();System.out.println(" " + e.next().toString()));
                            }
                        }
                        catch (NullPointerException e) {
                            System.err.println("Problem listing attributes: " + e);
                        }
                    }
                }
            }
            catch (NamingException e) {
                System.err.println("LDAP Notifications failure. " + e);
            }
        }
    }
Hi Steven
How can I detect what change was made ? Is there an attribute that tell us ?
Thanks
MHM -
Hello all,
This topic might have been talked about before but after a lot of searching I still have not found a solution, so I ask for a bit of help.
In our Active Directory there are many OUs where users are kept. There is no one top OU where you can start your search. I don't really know why it was set up this way and I don't have an option to change that. I would really like to have ou=users like most have!
So when I try to authenticate a user (I'm installing DSpace in my uni) I cannot automatically add the OU for the user trying to log in and the users themselves don't know their OU (well, why would they!).
I'm hoping there is some simple solution to this. Maybe JNDI API allows for searching in many OUs at the same time (some fixed list in the code)? Or maybe the OU is not needed at all in the search?
Any help/hints would be appreciated.
best regards, Logi
For searching, you can issue a subtree search, which will search through the entire subtree, irrespective of how many levels of OUs may exist, by using SearchControls.SUBTREE_SCOPE
Have a look at the tutorial at http://java.sun.com/products/jndi/tutorial/basics/directory/scope.html
For authentication, you can either get the user to enter their:
distinguished name (cn=Albert Eirnstein, ou=Research,dc=Antipodes,dc=com), although that is not entirely user friendly,
their NT style logon name (samAccountName), ANTIPODES\alberte, more user friendly,
or their Windows 2000 style logon name (userPrincipalName), [email protected], equally as user friendly.
You may also want to look at some of the following posts:
JNDI, Active Directory and Authentication (Part 1) (Kerberos)
http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
JNDI, Active Directory & Authentication (part 2) (SSL)
http://forum.java.sun.com/thread.jspa?threadID=581425&tstart=50
JNDI, Active Directory & Authentication (part 3) (Digest-MD5)
http://forum.java.sun.com/thread.jspa?threadID=581868&tstart=150
JNDI, Active Directory & Authentication (part 4) (SASL EXTERNAL)
http://forum.java.sun.com/thread.jspa?threadID=641047&tstart=0
JNDI, Active Directory and Authentication (part 5, LDAP Fastbinds)
http://forum.java.sun.com/thread.jspa?threadID=726601&tstart=0
JNDI, Active Directory, Referrals and Global Catalog
http://forum.java.sun.com/thread.jspa?threadID=603815&tstart=15 -
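The lookup described in the answer above, as an added example that is not part of the original posts: a subtree search for the sAMAccountName across every OU, followed by a bind as the DN it returns. Host and base DN reuse the sample values from the notification code on this page; LDAPS on port 636, the `svc-ldap` service account and the class and method names are assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class AdSearchThenBind {
    // Assumed values: host and base DN reuse the names from the sample earlier
    // on this page; LDAPS on port 636 and the service account are hypothetical.
    static final String URL = "ldaps://mydc.antipodes.com:636";
    static final String BASE = "DC=antipodes,DC=com";
    static final String FILTER =
        "(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))";

    static Hashtable<String, String> env(String principal, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    /** Searches every OU under BASE; returns the DN only if exactly one user matches. */
    static String findUserDn(DirContext svc, String login) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE); // all levels below BASE
        sc.setReturningAttributes(new String[0]);        // only the DN is needed
        String dn = null;
        int hits = 0;
        // {0} is filled from the argument array and JNDI escapes * ( ) \ in it,
        // so a login such as "*" or "a)(cn=*" cannot rewrite the filter.
        NamingEnumeration<SearchResult> res =
            svc.search(BASE, FILTER, new Object[] {login}, sc);
        try {
            while (res.hasMore()) {
                dn = res.next().getNameInNamespace();
                hits++;
            }
        } catch (PartialResultException e) {
            // A search from the domain root ends with referrals to other
            // partitions; JNDI reports the ones it did not follow this way.
        } finally {
            res.close();
        }
        return hits == 1 ? dn : null;
    }

    /** Returns the authenticated user's DN, or null if the login is rejected. */
    static String authenticate(String svcDn, String svcPw, String login, String password)
            throws NamingException {
        // A simple bind with a DN and an empty password is an "unauthenticated
        // bind" (RFC 4513) that a server may accept, so refuse it before binding.
        if (login == null || login.isEmpty() || password == null || password.isEmpty()) {
            return null;
        }
        DirContext svc = new InitialDirContext(env(svcDn, svcPw));
        String userDn;
        try {
            userDn = findUserDn(svc, login);
        } finally {
            svc.close();
        }
        if (userDn == null) return null;
        try {
            new InitialDirContext(env(userDn, password)).close(); // bind as the user
            return userDn;
        } catch (AuthenticationException e) {
            return null; // wrong password, disabled or locked account
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed input: the empty password is rejected before any network I/O.
        System.out.println(authenticate(
            "CN=svc-ldap,CN=Users,DC=antipodes,DC=com", "placeholder", "alberte", ""));
    }
}
```

The same check order applies when binding with the NT style or userPrincipalName logon forms directly: validate the password is non-empty before the bind, and treat only a successful bind as proof of identity.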
How to map active directory and wordpress ?
i want to import my existing wordpress users in Active Directory but status is not changed.
This topic first appeared in the Spiceworks Community
1) I want to import WordPress users in Active Directory
2) so I installed one plugin like "Active Directory Integrate".
3) I configured this plugin and imported users in Active Directory
4) I want to enable user in Active Directory and importing in Active Directory.
help me -
How do i have CC on home and work computer with same account?
How do i have CC on home and work computer with same account?
Hi Markofm,
You may install software on up to two computers. These two computers can be Windows, Mac OS, or one each.
If you install on a third computer, it will request you to De-activate on the other two computers. You can then reactivate one of the previous two computers, and use Creative Cloud apps on it.
If you regularly need to use the Creative Cloud on more than two computers then it would be best to purchase an additional subscription. This is the same licensing between which we have for our perpetual product. An advantage though for Creative Cloud over the perpetual product is that you can install on Mac and Windows with the same subscription!
Thanks & Regards,
Sanjeeta -
if i buy a movie in itunes, the movie will be avaliable on my iMac and my computer with itunes? They have the same ID Apple...
Once the movie has completey download, having an Internet connection is no longer necessary. It would be wise to test the movie before you leave, though, in case of glitches.
Regards. -
10.4.x and Active Directory Logins - mobile accounts
Managing 10.4.x workstations and trying to get AD logins to work using OS X AD plugin set to "create mobile home" and "Force local home directory".
AD user accounts get stuck at the login window. The user name and password field are greyed out and the computer sits like that for a long time. Computer responds when pressing the power button to restart, shutdown, sleep, or cancel.
Console reads: automount 174: can't mount server name .... invalid argument (22) over and over
tried setting automount in /etc/hostconfig to NO and that just keeps returning the "unable to login as user .... afp/smb error"
If the AD plug-in is configured without the "create mobile home" and "force local home directory" options checked, the AD user can log in with a true network home directory.
Seems like the login doesn't work when it's set to create a mobile home and mount the users network folder in the dock.
Clients are Mac 10.4.9 + / WIndows/Active Directory 2003 / OS 10.4 server for management purposes.
any ideas?
my apologies.... posted this question in the wrong forum. will repost.
-
Hello everyone
I have a network infrastructure consisting of 3 sites, site A, site B, and site C. i have 2 domain controllers on every site, and the AD roles are on the primary domain controller on site A. On site A I have an Exchange 2013sp1 CU6.
I want to create a second Exchange on Site B, with the roles of mailbox (the exchange on Site A will be first DAG member and the Exchange on Site B will be the second member of the DAG) and CAS.
First question: Is my thought correct about installing mailbox and CAS server on the same server?
Second question: how many DAG witnesses I need for the DAG? One per site, or one in general (for example located on site A)
Third question: When I am trying to perform “Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms” I receive the error
“ Setup encountered a problem while validating the state of Active Directory:
The Active Directory schema version (15303) is higher than Setup's version (15292). Therefore, PrepareSchema can't be executed. See the Exchange setup log for more information on this error. For more information, visit:
http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx “
I tried to run the PrepareSchema from the ISO of Exchange 2013 SP1 and form the extracted content of Exchange 2013SP1 CU6 archive, but still receive the same error. Any ideas?
Thanks in advance.
Thank you for your answer,
I have tried to run "Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms” from
Exchange 2013 CU6 media, but I still receive the error:
The Active Directory schema version (15303) is higher than Setup's version (15292). Therefore, PrepareSchema
can't be executed. See the Exchange setup log for more information on this error. For more information, visit:http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx “
any ideas?