Attandent Console - Active Directory and Non-AD users

Similar Messages

• User synchronization issue between Active Directory and Solution manager.

  Requirement:
  Synchronize the users between Active directory and solution manager system.
  <u>What we did:</u>
  1.     Created RFC connection (LDAP_RFC) for LDAP connector.
  2.     Created new LDAP connector that utilize the RFC (LDAP_RFC).
  3.     Created new logical LDAP Server(CUA).Here we have to maintain the connection
  details to the physical directory.
  4.     We maintained the communication user that is used by the LDAP connector to bind the LDAP Directory Server.
  5.     In transaction LDAPMAP specific SAP data fields, we mapped to the desired
  directory attributes.
  6.     Testing from LDAP transaction working fine. We are able to see the attributes and
  values       from Active directory.
  <b><u>Issue:</u></b>
  When executed the program RSLDAPSYNC_USER for user synchronization from t-code se38 with below selection .
  LDAP Server = CUA (created earlier)
  LDAP Connector = LDAP_RFC (RFC connection created created ealier)
  In the tab: (Object that exist both in the directory and in the Database:)
  Selected: Compare Time Stamp.
  In the tab: (Objects the only exist in the Directory.)
  Selected : Create in Database.
  In the tab(Objects that only Exist in the Database:
  Selected: Ignore Object.
  Result from the report shows that connection to LDAP server is fine and ‘0’(zero) objects in Directory.
  The program does not create any new user in the Solution Manager system.
  Any help on this issue greatly appreciated.
  Thanks & Regards,
  Harish

  where did you see this error ? is there anymore details.
  i think the account you are using for Sync does not have Replicate Directory Changes permission in AD. follow below article and give Replicate directory changes permission.
  http://technet.microsoft.com/en-us/library/hh296982(v=office.15).aspx
  Thanks, Noddy

• Store signature image in Active Directory and deploy it to each users desktop

  What I am trying to achieve is to have each user a hand written signature scanned in and stored in the .jpgPhoto attribute in Active Directory and then have some sort of script, like our login script, pull that information and copy the file to the users
  desktop.  We are wanting to be able to allow users to apply the signature image on a signature line in Office 2010 or InfoPath forms instead of typing their name.    I know there has to be a way to do this but I have not found it yet and I am
  not very good at scripting.  Is there anyone here that has accomplished such a task and if so, how did you go about doing it? 
  David Hood

  We already have Outlook email signatures created from AD information deployed to all users.  Someone else on my team deployed that already and it works great.  But that is just basic user info pulled from fields that were manually entered in
  the user account.  What I want to do is have a user scribble their signature on a piece of paper or a tablet, capture an image of that to crop and resize to store in the AD user account or somewhere secure that can be queried to be pushed to that users
  desktop.  I work at a state government agency and I have heard of another agency doing this but I have no idea how they did it.  The only thing I could think of is to have a script ran during login to query the AD attribute the image is stored in,
  pull it and then copy it to the users machine so when they sign a word document or .PDF with a digital signature they also have the option to place that image in the signature line. 
  David Hood

• Active Directory and many OUs

  Hello all,
  This topic might have been talked about before but after a lot of searching I still have not found a solution, so I ask for a bit of help.
  In our Active Directory there are many OUs where users are kept. There is no one top OU where you can start your search. I don't really know why it was set up this way and I don't have an option to change that. I would really like to have ou=users like most have!
  So when I try to authenticate a user (I'm installing DSpace in my uni) I cannot automatically add the OU for the user trying to log in and the users themselves don't know their OU (well, why would they!).
  I'm hoping there is some simple solution to this. Maybe JNDI API allows for searching in many OUs at the same time (some fixed list in the code)? Or maybe the OU is not needed at all in the search?
  Any help/hints would be appreciated.
  best regards, Logi

  For searching, you can issue a subtree search will search through the entire subtree, irrespective of how many levels of OU's may exist, by using SearchControls.SUBTREE_SCOPE
  Have a look at the tutorial at http://java.sun.com/products/jndi/tutorial/basics/directory/scope.html
  For authentication, you can either get the user to enter their:
  distinguished name
  (cn=Albert Eirnstein, ou=Research,dc=Antipodes,dc=com), although that is not entirely user friendly
  their NT style logon name (samAccountName)
  ANTIPODES\alberte, more user friendly,
  or their Windows 200 style logon name (userPrincipalName),
  [email protected], equally as user friendly.
  You may also want to look at some of the following posts:
  JNDI, Active Directory and Authentication (Part 1) (Kerberos)
  http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
  JNDI, Active Directory & Authentication (part 2) (SSL)
  http://forum.java.sun.com/thread.jspa?threadID=581425&tstart=50
  JNDI, Active Directory & Authentication (part 3) (Digest-MD5)
  http://forum.java.sun.com/thread.jspa?threadID=581868&tstart=150
  JNDI, Active Directory & Authentication (part 4) (SASL EXTERNAL)
  http://forum.java.sun.com/thread.jspa?threadID=641047&tstart=0
  JNDI, Active Directory and Authentication (part 5, LDAP Fastbinds)
  http://forum.java.sun.com/thread.jspa?threadID=726601&tstart=0
  JNDI, Active Directory, Referrals and Global Catalog
  http://forum.java.sun.com/thread.jspa?threadID=603815&tstart=15

• Does Active Directory Support Non English Languages?

  Hi,
  I want to know that does Active Directory Support Non English Languages like japanes, Arabian?
  I think we can have domain name in non english languages also. How active directory handles it.
  Sandeep Gupta

  This actually isn't controlled by Active Directory but by the core operating system and its language packs.
  Server 2012
  http://www.microsoft.com/oem/en/installation/downloads/Pages/Windows-Server-2012-Language-Packs.aspx?mtag=TW-P-S12#fbid=CPJWmInHH14
  Server 2008 R2
  http://www.microsoft.com/en-us/download/details.aspx?id=1246
  Server 2008
  http://www.microsoft.com/en-us/download/details.aspx?id=22681
  Paul Bergson
  MVP - Directory Services MCITP: Enterprise Administrator
  MCTS, MCT, MCSE, MCSA, Security, BS CSci
  2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
  Twitter @pbbergs
  http://blogs.dirteam.com/blogs/paulbergson < br> Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided AS IS with no warranties, and confers no rights.

• How to map active directory and wordpress ?

  i want to import my existing wordpress users in Active Directory but status is not changed.
  This topic first appeared in the Spiceworks Community

  1) I want to Import wordpress user in active Directory
  2) so,I install one plugin like "Active Directory Integrate".
  3) I configure this plugin and import users in Active Directory
  4) I want to Enable user in Active directory and importing in Active Direcoty.
  help me

• 10.6 home directory mounting with active directory and open directory integration

  Hi guys i am having some issues in my new mac environment. I have a windows network with an server 2008 active directory. I have just recentlly created a "magic triangle" setup with active directory and open directory. When my users login via windows their home folders mount perfect. When any user logs in to any iMac in the building it does not work. They login perfectly fine, but their home folders do not mount. When i try mounting them manually with smb, i get a prompt for credentials. I am thinking this is my issue, my Single sign on with kerbos is working but for some reason is not logging in correctly. If i type in my credentials with my domain first then my name it works.
  For example DOMAIN\jsmith works, but the way i think the mac and active directory is doing it now is just jsmith without the DOMAIN.
  I feel like this is the problem with the home folders not mounting.
  Can anyone provide some help with this?
  Thanks,
  Dani

  Hi dani190,
  are you using the fully qualified domain name of the network server? ie if your server is bob. and your domain is domain.company.com. then the FQDNS would typically be bob.domain.company.com or bob.company.com.
  If the FQDNS works, then have you checked in the AD to make sure the path to the network home folder uses the FQDNS?
  For the contact search path, did you put the AD at the top the list? (in directory utility)
  Did you set the WINS work group on your client computer to your domain?
  ie:Apple Menu, System Preferences, Network, Active Network Port (ethernet and or airport) , Advanced Button, WINS Tab, set workgroup to the name of your domain. ie domain.company.com and or company.com

• Pre-populate adapter for setting the Active Directory OU for a user

  Hi All
  I created a pre-populate adapter that set the Active Directory OU for a user...
  In the end the status of the resource is still showing "provisioning"..
  It must be "Provsioned"..did I miss something ?
  The logs speak as below :-
  08:01:12,678 INFO [STDOUT] Running Create User
  08:01:12,678 INFO [STDOUT] Before appending Root Context:OU=Human Resources,
  08:01:12,678 INFO [STDOUT] tcUtilLDAPController.java : hierString : OU=Human Resources,dc=mydomain,dc=com
  08:01:13,553 ERROR [ACTIVEDIRECTORYCONTROLLER] Problem creating object: javax.naming.OperationNotSupportedException: [LD
  AP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
  ]; remaining name 'cn=ASYMONDS'
  08:03:18,756 INFO [[xlWebApp]] action: LogonAction: User 'XELSYSADM' logged on in session 8116CBC0FA1481D06A207A1941B9
  E096
  08:22:31,256 ERROR [WEBAPP] Class/Method: ProvisionedResourcesForUserAction/confirmEnableSelection encounter some proble
  ms: No checkbox was checked.

  Just verify the OU value is correctly populated , first try doing the provisioning by manually giving OU and everything .
  Is it successful ?
  Then we can check if something wrong going with pre pop.
  Thanks
  Suren

• JNDI, Active Directory and Persistent Searches (part 2)

  The original post of this title which was located at http://forum.java.sun.com/thread.jspa?threadID=578342&tstart=200 subsequently disappeared into the ether (as with many other posts).
  By request I am reposting the sample code which demonstrates receiving notifications of object changes on the Active Directory.
  Further information on both the Active Directory and dirsynch and ldap notification mechanisms can be found at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/overview_of_change_tracking_techniques.asp
  * ldapnotify.java
  * December 2004
  * Sample JNDI application that uses AD LDAP Notification Control.
  import java.util.Hashtable;
  import java.util.Enumeration;
  import javax.naming.*;
  import javax.naming.ldap.*;
  import com.sun.jndi.ldap.ctl.*;
  import javax.naming.directory.*;
  class NotifyControl implements Control {
       public byte[] getEncodedValue() {
               return new byte[] {};
         public String getID() {
            return "1.2.840.113556.1.4.528";
       public boolean isCritical() {
            return true;
  class ldapnotify {
       public static void main(String[] args) {
            Hashtable env = new Hashtable();
            String adminName = "CN=Administrator,CN=Users,DC=antipodes,DC=com";
            String adminPassword = "XXXXXXXX";
            String ldapURL = "ldap://mydc.antipodes.com:389";
            String searchBase = "DC=antipodes,DC=com";
            //For persistent search can only use objectClass=*
            String searchFilter = "(objectClass=*)";
                 env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
            //set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION,"simple");
            env.put(Context.SECURITY_PRINCIPAL,adminName);
            env.put(Context.SECURITY_CREDENTIALS,adminPassword);
            //connect to my domain controller
            env.put(Context.PROVIDER_URL,ldapURL);
            try {
                 //bind to the domain controller
                    LdapContext ctx = new InitialLdapContext(env,null);
                 // Create the search controls           
                 SearchControls searchCtls = new SearchControls();
                 //Specify the attributes to return
                 String returnedAtts[] = null;
                 searchCtls.setReturningAttributes(returnedAtts);
                 //Specify the search scope
                 searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                       //Specifiy the search time limit, in this case unlimited
                 searchCtls.setTimeLimit(0);
                 //Request the LDAP Persistent Search control
                       Control[] rqstCtls = new Control[]{new NotifyControl()};
                       ctx.setRequestControls(rqstCtls);
                 //Now perform the search
                 NamingEnumeration answer = ctx.search(searchBase,searchFilter,searchCtls);
                 SearchResult sr;
                       Attributes attrs;
                 //Continue waiting for changes....forever
                 while(true) {
                      System.out.println("Waiting for changes..., press Ctrl C to exit");
                      sr = (SearchResult)answer.next();
                            System.out.println(">>>" + sr.getName());
                      //Print out the modified attributes
                      //instanceType and objectGUID are always returned
                      attrs = sr.getAttributes();
                      if (attrs != null) {
                           try {
                                for (NamingEnumeration ae = attrs.getAll();ae.hasMore();) {
                                     Attribute attr = (Attribute)ae.next();
                                     System.out.println("Attribute: " + attr.getID());
                                     for (NamingEnumeration e = attr.getAll();e.hasMore();System.out.println("   " + e.next().toString()));
                           catch (NullPointerException e)     {
                                System.err.println("Problem listing attributes: " + e);
            catch (NamingException e) {
                        System.err.println("LDAP Notifications failure. " + e);
  }

  Hi Steven
  How can I detect what change was made ? Is there an attribute that tell us ?
  Thanks
  MHM

• How to manage Active directory and tools to manage Active Directory

  How to manage Active directory and which tools we use?

  You can use Microsoft Active Directory management tools:
  http://technet.microsoft.com/en-us/library/aa998508(EXCHG.65).aspx
  http://technet.microsoft.com/en-us/library/aa998508(EXCHG.65).aspx
  erview of Server Message Block signing
  http://support.microsoft.com/kb/887429/en-us
  Remote Server Administration Tools for Windows 7:
  http://www.microsoft.com/downloads/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d&displaylang=en
  AD Admin Center:
  http://technet.microsoft.com/en-us/library/dd560651(WS.10).aspx
  http://technet.microsoft.com/en-us/library/dd560652(WS.10).aspx
  Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.

• Active Directory and 10.8 Server: Can't add users

  I would be most appreciative of any help you folks can give a Mac user at a predominantly Windows/MS/Exchange Tier I university.
  I bought a MacMini to act as the departmental File server to allow a granular level of permissions on folders for faculty, administration, residents and students. The students and residents rotate in yearly or for 2 years at a time.
  The problem has become when I try and add users from the IT ActiveDirectory domain. The IT folks set-up the DNS, gave it a static IP address etc. all correctly.
  The MacMini was also bound to AD in Sys Prefs > Users & Groups > Login Options > Network Account Server to the domain.
  There are over 200,000 users in the university system. When I try and search for a user in the Users sidebar it pulls up a completely random list of users and lists "500+ users" next to the buttons. When I try and search for a user, invariably it fails. Furthermore, there is the term "Not Allowed" next to the names of all the random AD users.
  What am I doing wrong?
  The Sys Admin guy I spoke with said the only way he could figure it out was to go to Groups sidebar, create a new group and add the user that way.
  The whole premise for this is to allow the users the same login ID and PWD they do for every other service on campus. That's it. I then want to be able to control folder permissions directly on the MacMini. Is this possible or do I need to use Open Directory in conjunction with AD?
  Any help for this formerly Apple Power User would be greatly appreciated.
  Thanks folks.

  Hi
  This is a Jabber-ism I think.
  You get this if you are using UDS and the users you are trying to add aren't CUPS-enabled.
  You probably also get it if the users are from LDAP and aren't CUPS enabled.
  CUPC by comparison allows manual contact creation as well as adding of non CUPS people.
  Regards
  Aaron

• Display the users middle initial or middle name in active directory and it shows in outlook 2010 as well.

  I would like for the users middle initial or middle name to show in outlook 2010. I
  can set it in the header meaning I see the middle initial when the email comes in but its not in the signature. I read a post about the middle name attribute has to be set in a/d? if that is the case please provide some feed back on how to accomplish that?
  server 2008, a/d 2008

  In AD, the attribute name is "middleName". You can populate it in bulk using Powershell with
  Set-ADUser cmdlet.
  For Exchange questions, I would recommend asking them here: http://social.technet.microsoft.com/Forums/exchange/en-us/home?category=exchangeserver
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• How do I get info from Active Directory and use it in my web-applications?

  I borrowed a nice piece of code for JNDI hits against Active Directory from this website: http://www.sbfsbo.com/mike/JndiTutorial/
  I have altered it and am trying to use it to retrieve info from our Active Directory Server.
  I altered it to point to my domain, and I want to retrieve a person's full name(CN), e-mail address and their work location.
  I've looked at lots of examples, I've tried lots of things, but I'm really missing something. I'm new to Java, new to JNDI, new to LDAP, new to AD and new to Tomcat. Any help would be so appreciated.
  Thanks,
  To show you the code, and the error message, I've changed the actual names I used for connection.
  What am I not coding right? I get an error message like this:
  javax.naming.NameNotFoundException[LDAP error code 32 - 0000208D: nameErr DSID:03101c9 problem 2001 (no Object), data 0,best match of DC=mycomp, DC=isd, remaining name dc=mycomp, dc=isd
  [code]
  import java.util.Hashtable;
  import java.util.Enumeration;
  import javax.naming.*;
  import javax.naming.directory.*;
  public class JNDISearch2 {
  // initial context implementation
  public static String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
  public static String MY_HOST = "ldap://99.999.9.9:389/dc=mycomp,dc=isd";
  public static String MGR_DN = "CN=connectionID,OU=CO,dc=mycomp,dc=isd";
  public static String MGR_PW = "connectionPassword";
  public static String MY_SEARCHBASE = "dc=mycomp,dc=isd";
  public static String MY_FILTER =
  "(&(objectClass=user)(sAMAccountName=usersignonname))";
  // Specify which attributes we are looking for
  public static String MY_ATTRS[] =
  { "cn", "telephoneNumber", "postalAddress", "mail" };
  public static void main(String args[]) {
  try { //----------------------------------------------------------        
  // Binding
  // Hashtable for environmental information
  Hashtable env = new Hashtable();
  // Specify which class to use for our JNDI Provider
  env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
  // Specify the host and port to use for directory service
  env.put(Context.PROVIDER_URL, MY_HOST);
  // Security Information
  env.put(Context.SECURITY_AUTHENTICATION, "simple");
  env.put(Context.SECURITY_PRINCIPAL, MGR_DN);
  env.put(Context.SECURITY_CREDENTIALS, MGR_PW);
  // Get a reference toa directory context
  DirContext ctx = new InitialDirContext(env);
  // Begin search
  // Specify the scope of the search
  SearchControls constraints = new SearchControls();
  constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
  // Perform the actual search
  // We give it a searchbase, a filter and the constraints
  // containing the scope of the search
  NamingEnumeration results = ctx.search(MY_SEARCHBASE, MY_FILTER, constraints);
  // Now step through the search results
  while (results != null && results.hasMore()) {
  SearchResult sr = (SearchResult) results.next();
  String dn = sr.getName() + ", " + MY_SEARCHBASE;
  System.out.println("Distinguished Name is " + dn);
  // Code for displaying attribute list
  Attributes ar = ctx.getAttributes(dn, MY_ATTRS);
  if (ar == null)
  // Has no attributes
  System.out.println("Entry " + dn);
  System.out.println(" has none of the specified attributes\n");
  else // Has some attributes
  // Determine the attributes in this record.
  for (int i = 0; i < MY_ATTRS.length; i++) {
  Attribute attr = ar.get(MY_ATTRS);
  if (attr != null) {
  System.out.println(MY_ATTRS[i] + ":");
  // Gather all values for the specified attribute.
  for (Enumeration vals = attr.getAll(); vals.hasMoreElements();) {
  System.out.println("\t" + vals.nextElement());
  // System.out.println ("\n");
  // End search
  } // end try
  catch (Exception e) {
  e.printStackTrace();
  System.exit(1);
  My JNDIRealm in Tomcat which actually does the initial authentication looks like this:(again, for security purposes, I've changed the access names and passwords, etc.)
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
  connectionURL="ldap://99.999.9.9:389"
  connectionName="CN=connectionId,OU=CO,dc=mycomp,dc=isd"
  connectionPassword="connectionPassword"
  referrals="follow"
  userBase="dc=mycomp,dc=isd"
  userSearch="(&(sAMAccountName={0})(objectClass=user))"
  userSubtree="true"
  roleBase="dc=mycomp, dc=isd"
  roleSearch="(uniqueMember={0})"
  rolename="cn"
  />
  I'd be so grateful for any help.
  Any suggestions about using the data from Active directory in web-application.
  Thanks.
  R.Vaughn

  By this time you probably have already solved this, but I think the problem is that the Search Base is relative to the attachment point specified with the PROVIDER_URL. Since you already specified "DC=mycomp,DC=isd" in that location, you merely want to set the search base to "". The error message is trying to tell you that it could only find half of the "DC=mycomp, DC=isd, DC=mycomp, DC=isd" that you specified for the search base.
  Hope that helps someone.
  Ken Gartner
  Quadrasis, Inc (We Unify Security, www -dot- quadrasis -dot- com)

• SharePoint, Active Directory and GMail

  Dears,
  I have SharePoint 2013 connected to Active Directory with <MyDomain> as domain name, i also have gmail domain <MyDomain> - same name-, we are creating users on our firm to have the same id and email address on both domains,
  my questions are:
  1- how can i sync this process automatically?
  2- SharePoint is not sending email to users on Gmail, knowing that i used the following code to send email from my sharepoint server and it's working fine,
  sing (SPSite site = new SPSite("http://onlinesrv/"))
                  using (SPWeb web = site.RootWeb)
                      bool sent = SPUtility.SendEmail(web, true, false, "user@<MyDomain>.com", "Test gmail", "From SharePoint Portal using gmail account as smtp");
                      Console.WriteLine(sent.ToString());
  Any help ??!

  Hi Omar,
  According to your description, my understanding is that you want to send email to users that have Gmail in AD.
  Whether you have installed SMTP. You need to install SMTP for using Gmail , more information, please refer to the link:
  Configuring Outgoing email settings in SharePoint with Gmail SMTP
  Also, you need to create a User Profile Service Application, then start a full sync to sync the user profile.
  More information, please take a look at:
  http://maxteo.wordpress.com/2013/01/16/configure-sharepoint-2013-outgoing-email-using-gmail-smtp-and-resolving-user-profile-synchronization/
  I hope this helps.
  Thanks,
  Wendy
  Wendy Li
  TechNet Community Support

• 10.5.5 Active directory problem for mobile users

  I an running 10.5.5 on a MBP 2.4. The computer is attached to Active Directory for authentication. The accounted is setup as a mobile user with automatic home sync. Below is the problem I'm experiencing after 10.5.5.
  Upgrade worked fine, everything went through as expected. When I got home with computer, couldn't login. I did eventually get logged in, computer became extremely unresponsive at intermittent times.
  At work next day, everything worked fine.
  I believe this is a problem with 10.5.5 computers that are bound to AD, when AD is not available (but internet is.) Some type of weird priority locking or timeout setting? It seems to fail immediately if no network is available, but if the internet is available it is like it gets "hung" waiting for a response.
  Anybody else having similar problems?
  Below are the details on the specific tests that brought me to this conclusion.
  1) Boot with work network cable connected - Works fine
  2) Boot with work wifi network enabled - works fine
  3) Boot with public wifi network enabled and work cable - works fine.
  4) Boot with only public wifi - appears "frozen" (turned off after 5 minutes of trying to login)
  5) Boot without network or wifi - works fine using cached mobile account info
  6) Boot with network cable and public wifi, remove network cable after login- works fine for a period becomes periodically frozen. attempts to do anything become queued, when computer starts responding queue emptys out (can see menus / applications switch around to correspond with clicks.)
  7) Change account to Manual sync of mobile account, again boot with network cable and public wifi, remove network cable- no freezing responds normaly.
  All steps repeated after rebinding computer to AD - same results.

  First rule of installing an upgrade, run permissions repair both before & after. Did you do that?
  I'm using a Mac dual bound to AD & OD, works perfectly. I can't speak for the exact setup of your network but I personally would be suspicious of AD. I had a similar issue some time back where my processor would go crazy with the net directory authentication running like crazy. Turned out AD had somehow forgotten my computer. It only happened away from work where my Mac couldn't contact the AD server (not exactly sure why). I'd try the following.
  1. While at work create a local administrative account on your Mac (you should always have a backup account anyway).
  2. Login as local admin account.
  3. open Directory Utility from the Applications/Utilities folder & remove the AD server (you'll need an account that can bind machines to AD).
  4. re-add your Mac to AD.
  This may resolve your issue & shouldn't hurt anything in the least.