Active Directory and Mobile computer with 10.8.4

Similar Messages

• 10.6 home directory mounting with active directory and open directory integration

  Hi guys i am having some issues in my new mac environment. I have a windows network with an server 2008 active directory. I have just recentlly created a "magic triangle" setup with active directory and open directory. When my users login via windows their home folders mount perfect. When any user logs in to any iMac in the building it does not work. They login perfectly fine, but their home folders do not mount. When i try mounting them manually with smb, i get a prompt for credentials. I am thinking this is my issue, my Single sign on with kerbos is working but for some reason is not logging in correctly. If i type in my credentials with my domain first then my name it works.
  For example DOMAIN\jsmith works, but the way i think the mac and active directory is doing it now is just jsmith without the DOMAIN.
  I feel like this is the problem with the home folders not mounting.
  Can anyone provide some help with this?
  Thanks,
  Dani

  Hi dani190,
  are you using the fully qualified domain name of the network server? ie if your server is bob. and your domain is domain.company.com. then the FQDNS would typically be bob.domain.company.com or bob.company.com.
  If the FQDNS works, then have you checked in the AD to make sure the path to the network home folder uses the FQDNS?
  For the contact search path, did you put the AD at the top the list? (in directory utility)
  Did you set the WINS work group on your client computer to your domain?
  ie:Apple Menu, System Preferences, Network, Active Network Port (ethernet and or airport) , Advanced Button, WINS Tab, set workgroup to the name of your domain. ie domain.company.com and or company.com

• Active Directory - SharePoint Replication Problem with User Information

  Hi, we have a implementation of SharePoint 2010 stand alone server, when we start to work in this server, we add the users from Active Directory services implemented in our company. This users had information like the email and department. When i add one
  user to SharePoint, sharepoint import all information user.
  The problem is when i change the email information from the user in Active Directory, this information didnt replicate to SharePoint.  The user have the new email In Active Directory and the old email in SharePoint.
  How can i replicate new one all information from the user to SharePoint?
  I hope someone can help me..
  thanks. 

  Standalone installations of SharePoint do not support the User Profile Sync Service. You'll want to use a farm installation for that functionality.
  Are you using SharePoint Foundation, Standard, or Enterprise? The UPSS only comes with Standard and Enterprise.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Open Directory and Mobile Home Folders

  Hi All,
  I am a bit confused about Open Directory and Mobile Accounts! here is our scenario. We have an Open Directory setup and all Accounts are set to mobile, accounts are almost 250+, my main problem is the Synchronization Conflicts, the accounts are automated to sync every 30 mins, the problem is every now and then schronization conflict windows popups, our users are complaining almost everytime, another problem is all of the users home folder has a qouta of 5GB, problem is there are users who excedd on the qouta some goes up to 60GB and 100GB, how do i solve this two problems. i am about to loose my mind. We setup like this in order for us to have a backup of all files of the users in case problem arises in the workstation. i have notice that synching file error comes up if you have temporary files used by any applications. the home folder of each user will exclude library, trash, music and entourage databse. Please Do help me.!!! Anyone who knows..?
  Environment
  OD Server - MacOS X Server Tiger 10.4.4
  Workstations - mix MacOS X Tiger 10.4.4 - 10.4.7
  AFP Home Folder - MacOS X Server Tiger 10.4.6 mounted Xsan Volume for home folders
  johnaris
  PLEASE HELP!

  Thanks for the info, by now i will look into that little utility that is very helpful (console!)
  Yes, I was thinking of synching our users at login and logout, the problem here is that, users here has bigger home folders.. mostly about 3GB, and it will took time to login a user, about 6-10 mins, depends on the network, we have networks users that that has slow networks and fast network on video editing users. What I did is that i excluded the Library in the synch options on each unit here, since we are not using Apple's Mail and iCal, it did minimize the synching error but the temp files and date discripancies are mostly that will generate an error, I am having really problems with this.
  thanks for the info i really appreciate it.

• User synchronization issue between Active Directory and Solution manager.

  Requirement:
  Synchronize the users between Active directory and solution manager system.
  <u>What we did:</u>
  1.     Created RFC connection (LDAP_RFC) for LDAP connector.
  2.     Created new LDAP connector that utilize the RFC (LDAP_RFC).
  3.     Created new logical LDAP Server(CUA).Here we have to maintain the connection
  details to the physical directory.
  4.     We maintained the communication user that is used by the LDAP connector to bind the LDAP Directory Server.
  5.     In transaction LDAPMAP specific SAP data fields, we mapped to the desired
  directory attributes.
  6.     Testing from LDAP transaction working fine. We are able to see the attributes and
  values       from Active directory.
  <b><u>Issue:</u></b>
  When executed the program RSLDAPSYNC_USER for user synchronization from t-code se38 with below selection .
  LDAP Server = CUA (created earlier)
  LDAP Connector = LDAP_RFC (RFC connection created created ealier)
  In the tab: (Object that exist both in the directory and in the Database:)
  Selected: Compare Time Stamp.
  In the tab: (Objects the only exist in the Directory.)
  Selected : Create in Database.
  In the tab(Objects that only Exist in the Database:
  Selected: Ignore Object.
  Result from the report shows that connection to LDAP server is fine and ‘0’(zero) objects in Directory.
  The program does not create any new user in the Solution Manager system.
  Any help on this issue greatly appreciated.
  Thanks & Regards,
  Harish

  where did you see this error ? is there anymore details.
  i think the account you are using for Sync does not have Replicate Directory Changes permission in AD. follow below article and give Replicate directory changes permission.
  http://technet.microsoft.com/en-us/library/hh296982(v=office.15).aspx
  Thanks, Noddy

• Store signature image in Active Directory and deploy it to each users desktop

  What I am trying to achieve is to have each user a hand written signature scanned in and stored in the .jpgPhoto attribute in Active Directory and then have some sort of script, like our login script, pull that information and copy the file to the users
  desktop.  We are wanting to be able to allow users to apply the signature image on a signature line in Office 2010 or InfoPath forms instead of typing their name.    I know there has to be a way to do this but I have not found it yet and I am
  not very good at scripting.  Is there anyone here that has accomplished such a task and if so, how did you go about doing it? 
  David Hood

  We already have Outlook email signatures created from AD information deployed to all users.  Someone else on my team deployed that already and it works great.  But that is just basic user info pulled from fields that were manually entered in
  the user account.  What I want to do is have a user scribble their signature on a piece of paper or a tablet, capture an image of that to crop and resize to store in the AD user account or somewhere secure that can be queried to be pushed to that users
  desktop.  I work at a state government agency and I have heard of another agency doing this but I have no idea how they did it.  The only thing I could think of is to have a script ran during login to query the AD attribute the image is stored in,
  pull it and then copy it to the users machine so when they sign a word document or .PDF with a digital signature they also have the option to place that image in the signature line. 
  David Hood

• How to manage Active directory and tools to manage Active Directory

  How to manage Active directory and which tools we use?

  You can use Microsoft Active Directory management tools:
  http://technet.microsoft.com/en-us/library/aa998508(EXCHG.65).aspx
  http://technet.microsoft.com/en-us/library/aa998508(EXCHG.65).aspx
  erview of Server Message Block signing
  http://support.microsoft.com/kb/887429/en-us
  Remote Server Administration Tools for Windows 7:
  http://www.microsoft.com/downloads/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d&displaylang=en
  AD Admin Center:
  http://technet.microsoft.com/en-us/library/dd560651(WS.10).aspx
  http://technet.microsoft.com/en-us/library/dd560652(WS.10).aspx
  Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.

• Exporting Active directory users to excel with conditions

  I'm trying to export AD users with selected fields out to a spreadsheet, with the condition that the employeeid field is greater than 99999.    I found a VBScript elsewhere on this site that does everything i need, even filtering on the employeeid
  field except that when it export to the spreadsheet the employeeid field comes back as if it's blank.  But i know it's not as it will do the filtering correctly.  Below is the script i've been using.   As i said it will correctly list all users
  with employeeid greated than 5 digits but it just won't export the actual employeeid field
  Dim ObjWb 
  Dim ObjExcel 
  Dim x, zz 
  Set objRoot = GetObject("LDAP://RootDSE") 
  strDNC = objRoot.Get("DefaultNamingContext") 
  Set objDomain = GetObject("LDAP://" & strDNC) ' Bind to the top of the Domain using LDAP using ROotDSE 
  Call ExcelSetup("Sheet1") ' Sub to make Excel Document 
  x = 1 
  Call enummembers(objDomain) 
  Sub enumMembers(objDomain) 
  On Error Resume Next 
  Dim Secondary(20) ' Variable to store the Array of 2ndary email alias's 
  For Each objMember In objDomain ' go through the collection 
  if ObjMember.EmployeeID > 199999 Then  'if employee id greater than 199999 then add to spreadsheet (meaning physician)
  x = x +1 ' counter used to increment the cells in Excel 
  ' I set AD properties to variables so if needed you could do Null checks or add if/then's to this code 
  ' this was done so the script could be modified easier. 
  SamAccountName = ObjMember.samAccountName 
  FirstName = objMember.GivenName 
  LastName = objMember.sn 
  EmployeeID = ojbMember.employeeID
  EmailAddr = objMember.mail 
  Addr1 = objMember.streetAddress 
  Title = ObjMember.Title 
  Department = objMember.Department
  ' Write the values to Excel, using the X counter to increment the rows. 
  objwb.Cells(x, 1).Value = EmployeeID
  objwb.Cells(x, 2).Value = SamAccountName 
  objwb.Cells(x, 3).Value = FirstName 
  objwb.Cells(x, 4).Value = LastName 
  objwb.Cells(x, 5).Value = EmailAddr
  objwb.Cells(x, 6).Value = Addr1 
  objwb.Cells(x, 7).Value = Title 
  objwb.Cells(x, 8).Value = Department 
  ' Write out the Array for the 2ndary email addresses. 
  For ll = 1 To 20 
  objwb.Cells(x,26+ll).Value = Secondary(ll) 
  Next 
  ' Blank out Variables in case the next object doesn't have a value for the property 
  EmployeeID = "-"
  SamAccountName = "-" 
  FirstName = "-" 
  LastName = "-" 
  EmailAddr = "-" 
  Addr1 = "-" 
  Title = "-" 
  Department = "-" 
  For ll = 1 To 20 
  Secondary(ll) = "" 
  Next 
  End If 
  ' If the AD enumeration runs into an OU object, call the Sub again to itinerate 
  If objMember.Class = "organizationalUnit" or OBjMember.Class = "container" Then 
  enumMembers (objMember) 
  End If 
  Next 
  End Sub 
  Sub ExcelSetup(shtName) ' This sub creates an Excel worksheet and adds Column heads to the 1st row 
  Set objExcel = CreateObject("Excel.Application") 
  Set objwb = objExcel.Workbooks.Add 
  Set objwb = objExcel.ActiveWorkbook.Worksheets(shtName) 
  Objwb.Name = "Active Directory Users" ' name the sheet 
  objwb.Activate 
  objExcel.Visible = True 
  objwb.Cells(1, 1).Value = "EmployeeID"
  objwb.Cells(1, 2).Value = "SAMAccountName"
  objwb.Cells(1, 3).Value = "FirstName" 
  objwb.Cells(1, 4).Value = "LastName"  
  objwb.Cells(1, 5).Value = "Email" 
  objwb.Cells(1, 6).Value = "Addr1" 
  objwb.Cells(1, 7).Value = "Title" 
  objwb.Cells(1, 8).Value = "Department" 
  End Sub 
  MsgBox "User dump has completed.", 64, "AD Dump" ' show that script is complete

  Here is a test version
  Set xl = CreateObject("Excel.Application")
  xl.Visible = True
  Set wb = xl.Workbooks.Add()
  Set sheet = wb.Worksheets("sheet1")
  sheet.Name = "Active Directory Users"
  i = 1
  With sheet
  .Cells(i, 1).Value = "EmployeeID"
  .Cells(i, 2).Value = "SAMAccountName"
  .Cells(i, 3).Value = "FirstName"
  .Cells(i, 4).Value = "LastName"
  .Cells(i, 5).Value = "Email"
  .Cells(i, 6).Value = "Addr1"
  .Cells(i, 7).Value = "Title"
  .Cells(i, 8).Value = "Department"
  End With
  Set users = GetADUsers()
  While Not users.EOF
  i = i + 1
  With sheet
  .Cells(i, 1).Value = users("employeeID")
  .Cells(i, 2).Value = users("samAccountName")
  .Cells(i, 3).Value = users("GivenName")
  .Cells(i, 4).Value = users("sn")
  .Cells(i, 5).Value = users("mail")
  .Cells(i, 6).Value = users("streetAddress")
  .Cells(i, 7).Value = users("Title")
  .Cells(i, 8).Value = users("Department")
  End With
  users.MoveNext
  Wend
  Function GetADUsers()
  Set rootDSE = GetObject("LDAP://RootDSE")
  base = "<LDAP://" & rootDSE.Get("defaultNamingContext") & ">"
  filt = "(&(objectClass=user)(objectCategory=Person))"
  attr = "employeeid,SAMAccountName,mail,GivenName,sn,streetAddress,Title,Department"
  scope = "subtree"
  Set conn = CreateObject("ADODB.Connection")
  conn.Provider = "ADsDSOObject"
  conn.Open "Active Directory Provider"
  Set cmd = CreateObject("ADODB.Command")
  Set cmd.ActiveConnection = conn
  cmd.CommandText = base & ";" & filt & ";" & attr & ";" & scope
  Set GetADUsers = cmd.Execute()
  End Function
  ¯\_(ツ)_/¯

• JNDI, Active Directory and Persistent Searches (part 2)

  The original post of this title which was located at http://forum.java.sun.com/thread.jspa?threadID=578342&tstart=200 subsequently disappeared into the ether (as with many other posts).
  By request I am reposting the sample code which demonstrates receiving notifications of object changes on the Active Directory.
  Further information on both the Active Directory and dirsynch and ldap notification mechanisms can be found at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/overview_of_change_tracking_techniques.asp
  * ldapnotify.java
  * December 2004
  * Sample JNDI application that uses AD LDAP Notification Control.
  import java.util.Hashtable;
  import java.util.Enumeration;
  import javax.naming.*;
  import javax.naming.ldap.*;
  import com.sun.jndi.ldap.ctl.*;
  import javax.naming.directory.*;
  class NotifyControl implements Control {
       public byte[] getEncodedValue() {
               return new byte[] {};
         public String getID() {
            return "1.2.840.113556.1.4.528";
       public boolean isCritical() {
            return true;
  class ldapnotify {
       public static void main(String[] args) {
            Hashtable env = new Hashtable();
            String adminName = "CN=Administrator,CN=Users,DC=antipodes,DC=com";
            String adminPassword = "XXXXXXXX";
            String ldapURL = "ldap://mydc.antipodes.com:389";
            String searchBase = "DC=antipodes,DC=com";
            //For persistent search can only use objectClass=*
            String searchFilter = "(objectClass=*)";
                 env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
            //set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION,"simple");
            env.put(Context.SECURITY_PRINCIPAL,adminName);
            env.put(Context.SECURITY_CREDENTIALS,adminPassword);
            //connect to my domain controller
            env.put(Context.PROVIDER_URL,ldapURL);
            try {
                 //bind to the domain controller
                    LdapContext ctx = new InitialLdapContext(env,null);
                 // Create the search controls           
                 SearchControls searchCtls = new SearchControls();
                 //Specify the attributes to return
                 String returnedAtts[] = null;
                 searchCtls.setReturningAttributes(returnedAtts);
                 //Specify the search scope
                 searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                       //Specifiy the search time limit, in this case unlimited
                 searchCtls.setTimeLimit(0);
                 //Request the LDAP Persistent Search control
                       Control[] rqstCtls = new Control[]{new NotifyControl()};
                       ctx.setRequestControls(rqstCtls);
                 //Now perform the search
                 NamingEnumeration answer = ctx.search(searchBase,searchFilter,searchCtls);
                 SearchResult sr;
                       Attributes attrs;
                 //Continue waiting for changes....forever
                 while(true) {
                      System.out.println("Waiting for changes..., press Ctrl C to exit");
                      sr = (SearchResult)answer.next();
                            System.out.println(">>>" + sr.getName());
                      //Print out the modified attributes
                      //instanceType and objectGUID are always returned
                      attrs = sr.getAttributes();
                      if (attrs != null) {
                           try {
                                for (NamingEnumeration ae = attrs.getAll();ae.hasMore();) {
                                     Attribute attr = (Attribute)ae.next();
                                     System.out.println("Attribute: " + attr.getID());
                                     for (NamingEnumeration e = attr.getAll();e.hasMore();System.out.println("   " + e.next().toString()));
                           catch (NullPointerException e)     {
                                System.err.println("Problem listing attributes: " + e);
            catch (NamingException e) {
                        System.err.println("LDAP Notifications failure. " + e);
  }

  Hi Steven
  How can I detect what change was made ? Is there an attribute that tell us ?
  Thanks
  MHM

• Active Directory and many OUs

  Hello all,
  This topic might have been talked about before but after a lot of searching I still have not found a solution, so I ask for a bit of help.
  In our Active Directory there are many OUs where users are kept. There is no one top OU where you can start your search. I don't really know why it was set up this way and I don't have an option to change that. I would really like to have ou=users like most have!
  So when I try to authenticate a user (I'm installing DSpace in my uni) I cannot automatically add the OU for the user trying to log in and the users themselves don't know their OU (well, why would they!).
  I'm hoping there is some simple solution to this. Maybe JNDI API allows for searching in many OUs at the same time (some fixed list in the code)? Or maybe the OU is not needed at all in the search?
  Any help/hints would be appreciated.
  best regards, Logi

  For searching, you can issue a subtree search will search through the entire subtree, irrespective of how many levels of OU's may exist, by using SearchControls.SUBTREE_SCOPE
  Have a look at the tutorial at http://java.sun.com/products/jndi/tutorial/basics/directory/scope.html
  For authentication, you can either get the user to enter their:
  distinguished name
  (cn=Albert Eirnstein, ou=Research,dc=Antipodes,dc=com), although that is not entirely user friendly
  their NT style logon name (samAccountName)
  ANTIPODES\alberte, more user friendly,
  or their Windows 200 style logon name (userPrincipalName),
  [email protected], equally as user friendly.
  You may also want to look at some of the following posts:
  JNDI, Active Directory and Authentication (Part 1) (Kerberos)
  http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
  JNDI, Active Directory & Authentication (part 2) (SSL)
  http://forum.java.sun.com/thread.jspa?threadID=581425&tstart=50
  JNDI, Active Directory & Authentication (part 3) (Digest-MD5)
  http://forum.java.sun.com/thread.jspa?threadID=581868&tstart=150
  JNDI, Active Directory & Authentication (part 4) (SASL EXTERNAL)
  http://forum.java.sun.com/thread.jspa?threadID=641047&tstart=0
  JNDI, Active Directory and Authentication (part 5, LDAP Fastbinds)
  http://forum.java.sun.com/thread.jspa?threadID=726601&tstart=0
  JNDI, Active Directory, Referrals and Global Catalog
  http://forum.java.sun.com/thread.jspa?threadID=603815&tstart=15

• How to map active directory and wordpress ?

  i want to import my existing wordpress users in Active Directory but status is not changed.
  This topic first appeared in the Spiceworks Community

  1) I want to Import wordpress user in active Directory
  2) so,I install one plugin like "Active Directory Integrate".
  3) I configure this plugin and import users in Active Directory
  4) I want to Enable user in Active directory and importing in Active Direcoty.
  help me

• How do i have CC on home and work computer with same account?

  How do i have CC on home and work computer with same account?

  Hi Markofm,
  You may install software on up to two computers. These two computers can be Windows, Mac OS, or one each.
  If you install on a third computer, it will request you to De-activate on the other two computers.  You can then reactivate one of the previous two computers, and use Creative Cloud apps on it.
  If you regularly need to use the Creative Cloud on more than two computers then it would be best to purchase an additional subscription.  This is the same licensing between which we have for our perpetual product.  An advantage though for Creative Cloud over the perpetual product is that you can install on Mac and Windows with the same subscription!
  Thanks & Regards,
  Sanjeeta

• If i buy a movie in itunes, the movie will be avaliable on my iMac and my computer with itunes? They have the same ID Apple...

  if i buy a movie in itunes, the movie will be avaliable on my iMac and my computer with itunes? They have the same ID Apple...

  Once the movie has completey download, having an Internet connection is no longer necessary. It would be wise to test the movie before you leave, though, in case of glitches.
  Regards.

• 10.4.x and Active Directory Logins - mobile accounts

  Managing 10.4.x workstations and trying to get AD logins to work using OS X AD plugin set to "create mobile home" and "Force local home directory".
  AD user accounts get stuck at the login window. The user name and password field are greyed out and the computer sits like that for a long time. Computer responds when pressing the power button to restart, shutdown, sleep, or cancel.
  Console reads: automount 174: can't mount server name .... invalid argument (22) over and over
  tried setting automount in /etc/hostconfig to NO and that just keeps returning the "unable to login as user .... afp/smb error"
  If the AD plug in is cofigured with out the "create mobile home" and "force local home directory" checked, the AD user can log in with a true network home directory.
  Seems like the login doesn't work when it's set to create a mobile home and mount the users network folder in the dock.
  Clients are Mac 10.4.9 + / WIndows/Active Directory 2003 / OS 10.4 server for management purposes.
  any ideas?

  my apologies.... posted this question in the wrong forum. will repost.

• Creation of a second Exchange 2013 server on a different site (with the roles of MBX and CAS) fails on prepare active directory and prepare schema.

  Hello everyone
  I have a network infrastructure  consisting of 3 sites, site A, site B, and site C. i have 2 domain controllers on every site, and the AD roles are on the primary domain controller on site A. On site A I have an Exchange 2013sp1 CU6.
  I want to create a second Exchange on Site B, with the roles of mailbox (the exchange on Site A will be first DAG member and the Exchange on Site B will be the second member of the DAG) and CAS.
  First question: Is my  thought correct about installaing on the same server mailbox and CAS server?
  Second question: how many DAG witnesses I need for the DAG? One per site, or one in general (for example located on site A)
  Third question: When I am trying to perform “Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms”  I receive the error
  “ Setup encountered a problem while validating the state of Active Directory:
   The Active Directory schema version (15303) is higher than Setup's version (15292). Therefore, PrepareSchema can't be executed.  See the Exchange setup log for more information on this error. For more information, visit:
  http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx “
  I tried  to run the PrepareSchema from  the ISO of Exchange 2013 SP1 and form the extracted content of Exchange 2013SP1 CU6 archive, but still receive the same error. Any ideas?
  Thanks in advance.

  Thank you for your answer,
  I have tried to run "Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms”  from
  Exchange 2013 CU6 media, but I still receive  the error:
  The Active Directory schema version (15303) is higher than Setup's version (15292). Therefore, PrepareSchema
  can't be executed.  See the Exchange setup log for more information on this error. For more information, visit:http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx “
  any ideas?