Is it possible to set up a 10.9 server that authenticates network accounts from a Windows domain?

Hello,
I want to set up an OS X 10.9 server to be able to manage the Macs with Open Directory. The Macs have already been bound to the Windows Active Directory, and the users are logging in using network authentication.
Is there a way to set this up so the requests are sent through the Mac server, authenticated with the Active Directory, then managed by Open Directory?
kind regards,
Chris 

Yes!  Of course!  This is one of the foundational functions of OS X and OS X Server.  The process is relatively easy.  Make sure the server gets an A and PTR record in the AD DNS.  Start by binding the server to AD just like you bound a client.  Once bound to AD and you can confirm access to the users and groups, then promote the server to an Open Directory Master.  This has been called the Magic Triangle, the Cylinder of Destiny, and now, more logically, dual directory binding.
This setup allows all users, groups, passwords, and password policies to remain in AD (where it should stay for centralized control).  But, you can use OS X Server to set policy via Profile Manager (or Workgroup Manager if you are supporting legacy systems), use the Apple services like file sharing through single-sign-on, and more.
DNS and time are critical to success.  Make sure your AD DNS has all the SRV records and uses the reverse zone.  PTR records should exist for all servers in the auth chain.  Next, point your Macs and the Mac server at the AD Controller for time sync.  If you have a time skew you will fail auth.
Integration to AD is a very effective deployment model.  It ensures that you are not reinventing the wheel, centralizes account management and password into a centralized system (AD), and allows OD to do its work without risky modification to AD.
R-
Apple Consultants Network
Apple Professional Services
Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store
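
The DNS and time prerequisites from the reply above, written as a pre-bind check. This is an added example, not part of the original reply: the zone data, the `ad.example.com` names and the addresses are constructed, and the 300-second limit is the Kerberos default tolerance, assumed unchanged in the domain.

```python
import ipaddress

MAX_SKEW = 300  # seconds; Kerberos default tolerance, assumed unchanged in domain policy
REQUIRED_SRV = ("_ldap._tcp", "_kerberos._tcp")  # standard AD locator records

# Constructed sample data: ad.example.com and the 10.0.1.x addresses are placeholders.
ZONE = """
dc1.ad.example.com.             A    10.0.1.10
macsrv.ad.example.com.          A    10.0.1.20
10.1.0.10.in-addr.arpa.         PTR  dc1.ad.example.com.
_ldap._tcp.ad.example.com.      SRV  0 100 389 dc1.ad.example.com.
_kerberos._tcp.ad.example.com.  SRV  0 100 88 dc1.ad.example.com.
"""

def parse_zone(text):
    """Map (name, type) -> list of values from 'name type value' lines."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3:
            key = (parts[0].rstrip(".").lower(), parts[1].upper())
            records.setdefault(key, []).append(" ".join(parts[2:]).rstrip(".").lower())
    return records

def check_host(records, fqdn):
    """Host needs an A record and a PTR for that address pointing back to it."""
    fqdn = fqdn.rstrip(".").lower()
    addrs = records.get((fqdn, "A"), [])
    if not addrs:
        return [f"{fqdn}: no A record"]
    problems = []
    for addr in addrs:
        ptr = ipaddress.ip_address(addr).reverse_pointer
        if fqdn not in records.get((ptr, "PTR"), []):
            problems.append(f"{fqdn}: no PTR at {ptr}")
    return problems

def preflight(records, domain, server, local_time, dc_time):
    """Return a de-duplicated list of problems to fix before binding."""
    problems = check_host(records, server)
    for prefix in REQUIRED_SRV:
        name = f"{prefix}.{domain}"
        targets = records.get((name, "SRV"), [])
        if not targets:
            problems.append(f"{name}: no SRV record")
        for target in targets:  # SRV value is 'priority weight port host'
            problems += check_host(records, target.split()[-1])
    skew = abs(local_time - dc_time)
    if skew > MAX_SKEW:
        problems.append(f"clock skew {skew:.0f}s exceeds {MAX_SKEW}s")
    return list(dict.fromkeys(problems))

if __name__ == "__main__":
    for p in preflight(parse_zone(ZONE), "ad.example.com",
                       "macsrv.ad.example.com", 1_700_000_420, 1_700_000_000):
        print("FAIL", p)
```

In the sample data the Mac server has an A record but no PTR and its clock is seven minutes off the domain controller, so both conditions the reply warns about are reported.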

Similar Messages

  • Is it possible to manage and view my iCalendar account from my Windows PC?

    I own an iPhone 5 and an iPad 2 but only have Windows computers but would like to be able to manage my iCal account from my Windows devices as well.  How can this be done?  Is there an application or desktop widget I can install?

    vredyman,
    Read the following support articles for details:
    1. iCloud Control Panel 3.0 for Windows
    2. Apple - iCloud - Learn how to set up iCloud on all your devices.

  • Need help with setting up a photolibrary on server that can be accessed/edited by multiple users

    Hi:
    I would like to develop an in-house photolibrary for our graphics department. The goal is to be able to add keywords to all our images so that we could have a more dynamic means of searching through our countless scanned images. Lightroom works great with regards to keywording and searching.
    To make it so all the computers in our office could have access to the images, I created a photolibrary on our server that can be accessed by any of the computers in our graphics dept. However, when one computer adds keywords to an image, that info does not show up on any of the other computers. Perhaps this is an issue with the trial version and we need to get the license? A few other people suggested that it might have something to do with my export settings - I tried to play around with the settings but had little luck... Any advice?
    Thanks,
    Leo

    Thanks for your thorough reply. Is there a way to have one MASTER computer that could create the keywords and have the other computers access the master computer's catalogues - or something of that sort? We are a small graphics dept. with three people so even that would suffice.
    Lightroom is not a networked application, and cannot be set up so that multiple computers can access LR via a network.
    The only real workaround with LR is to put the catalog and photos on an external HD and then physically connect the external HD to the computer of the person wanting to use it. So only one person can use the catalog at one time.
    You can look up Digital Asset Management (DAM) software on Google if you really need to have multi-user access and networked.

  • How to set up the "incoming Mail server" for Google Apps account

    How to set up the "incoming Mail server" for Google Apps account

    The settings are not generic for all webmail accounts, only your office IT department would know what the server address is for their outgoing email server.  You'll have to ask them about it.

  • Is it possible to set up an iPad on my fiancé's iTunes account in secret?

    I have bought an iPad as a wedding gift for my fiancé and as we are going on our honeymoon before we come home I would like to set it up before I give it to him. We share a laptop which has both our apple ids registered but can I set it up without him finding out?

    As far as I can recall when I set up my iDevices ..... If you set it up with his ID, he will eventually get an email from Apple thanking him for the purchase .... blah, blah, blah.
    I just can't remember how soon the email arrives after set up.

  • Is this possible in TIDAL, Change the Lotus Domino Server (LotusDominoData) service Startup Type from 'Automatic' to 'Manual'

    1) Shutdown the Domino server (Lotus Domino Server (LotusDominoData) service)
    2) Change the Lotus Domino Server (LotusDominoData) service Startup Type from 'Automatic' to 'Manual'
    3) Reboot the server
    4) Defragment the drive (D:\ or F:\)
    5) Change the Lotus Domino Server (LotusDominoData) service Startup type from 'Manual' to 'Automatic'
    6) Reboot the server
    Any help would be appreciated.

    Binu - are you wanting to automate this process with TES?
    There is a windows cmd command "net stop" and "net start" you can use to stop and start a service.
    You will need to work with your windows admin or look online for a command line way to change the service to manual and to start the defrag.
    There is a shutdown command that can be run from cmd. It has a switch to force the reboot.
    You might also check out scripting with WMI.
    Hope this helps,
    Michelle

  • Login with a network account in offline, possible?

    Hello,
    I have a question, since I previously had Snow Leopard Server. The questions now concern Lion Server, the dedicated server. This is not an issue, just a few questions for you, as I need to plan the setup of the dedicated server, if there is a way or a few ways to do it!
    Before, I could log in with a network account from Snow Leopard Server on my MacBook Pro. I think it is still possible to do that. But today I just wonder whether it is also possible to log in with a network account offline, with no internet required? And what is the name for that? True, I don't know a lot about VPN and have never used it; can you explain a bit about it? But I know that when I logged in, I used an Open Directory account and this was a "virtual screen", with no need to open the screen sharing program or whatever. It was just from the Login Window, when you turn on the computer. Do you know the name for this, and how I could use a network account offline on my Mac?
    I just want to give you an example:
    If I am sitting in a flight to Vancouver from London, then there I have no internet access in flight trip, so I just login the network account and this had before "cache". Of course need to login in internet first to get all informations and files in computer, so these are stored in my computer. Then I am working with a presentation during the trip. When I am arrived in Vancouver, then I am connecting to a internet, so the computer, also the network account will update to the server with these new files etc or of these what I did in during the flight trip.
    Here are the few questions from the text above:
    1. Can I use a network account in offline?
    2. Do you know any name for this method in Mac?
    3. I don't know VPN, so what do this mean and containing what?

    Hi
    "1. Can I use a network account in offline?"
    If I've understood you correctly, yes.
    "2. Do you know any name for this method in Mac?"
    There are several: Portable Home Directories, Mobility, Mobile Accounts etc:
    http://manuals.info.apple.com/en_US/UserMgmt_v10.6.pdf
    Page 215 onwards. Additionally Page 163 if Active Directory is involved.
    "3. I don't know VPN, so what do this mean and containing what?"
    You could have googled this yourself but here you go:
    http://www.howstuffworks.com/vpn.htm
    Essentially it's a means of providing a secure connection from remote networks such as your home or possibly a hotel to a specific location - such as your office or place of work - which allows you to access Servers and/or Services as if you were at that location itself.
    ". . . so the computer, also the network account will update to the server with these new files etc or of these what I did in during the flight trip."
    Depending on where you are and the size of the files this may be a doubtful/painful experience and possibly not worth undertaking? However only you would really know? IMO it would make more sense to sync these files once you were back on the Server's network. It's possible you may benefit by signing up for MobileMe or iCloud?
    HTH?
    Tony

  • Is it possible to login into the Java instance without password's input, using only my Windows workstation authorization?

    Dear Sirs,
    I am trying to set up authorization to my NW 7.3 Java instance through my Windows domain authorization.
    I have done the following:
    1) Created a connection to the LDAP server and tested it.
    2) Added the Windows domain certificate to TrustedCAs
    3) Configured SPNEGO
    Now I can log in to my NW7.3 Java instance with my Windows password; however, I must input the password when I open the NW7.3 Java homepage.
    Is it possible to login into the Java instance without password's input, using my windows workstation login/password?
    What I have to do for that?
    I use Windows XP on my workstation and IE 8.0.6 & Chrome 38.0.2125.
    Best regards,
    Alexey Lugovskoy

    Please check
    Using Kerberos Authentication on SAP NetWeaver AS Java - User Authentication and Single Sign-On - SAP Library (NW7.3)
    Using Kerberos Authentication for Single Sign-On - User Authentication and Single Sign-On - SAP Library (NW7.0)

  • Can i set up my icloud account from my pc ?

    My iPod touch was stolen and I want to use "Find My iPod" I just spent the last 20 mins on the phone with Apple's customer service and they said there's nothing they can do to track my iPod because it's a "Privacy Issue" And they said that I never set up my iCloud account. I want to know if there's any way that I can set up my iCloud account from my PC so I can track my iPod.

    You cannot create an iCloud account from a Windows PC.

  • Hi I have two questions. I am using NAS 4.1 and was wondering is it possible to set a different session timeout for different users? How is the session timeout set? Thanks, YS

     

    "I am using NAS 4.1 and was wondering is it possible to set a different session timeout for different users?"
    Um, there is no such thing as NAS4.1.
    I'm assuming that you mean NAS4.0 (maybe NAS4.0sp1?). If so, then the session timeouts are specified in the session section of the NTV configuration files.
    AFAIK, you can specify session timeouts on a per user basis.

  • Is it possible to set up multiple iTunes accounts on a single computer?

    is it possible to set up multiple iTunes accounts on a single computer?

    If you do it with a single user account, you will receive update notifications for purchase made on both IDs regardless of which one you're using at the time.  That's slightly frustrating as you get the notification BUT you can't actually update!  In any event, separate user accounts on the computer is the cleaner way to go.

  • My daughter and I have separate iCloud accounts set up on our desktop PCs and our iPhones and iPads. We want to share the usage of a Win 8 laptop and will log in using separate user accounts. Is it possible to set up our own iCloud accounts?

    My daughter and I have separate iCloud accounts set up on our desktop PCs and our iPhones and iPads. We want to share the usage of a Win 8 laptop and will log in using separate user accounts. Is it possible to set up our own iCloud accounts in each of those separate user accounts?

    No it is not possible.  Content purchased from the iTunes Store is permanently tied to the account from which it was originally purchased, and Apple does not provide a way to change it.

  • Is it possible to set up a HP Scanjet 8200 series (8290 with ADF) Intel Mac

    Is it possible to set up a HP Scanjet 8200 series (8290 with automatic document feeder) on the new Intel based Mac Pro desktop computer (nehalem 2.93 dual processors, 8 core)? Can anyone please steer me in the right direction -- I tried one of the drivers from the HP website and the install reflected that it does not work on intel based computers. Does OS X Leopard come with some type of utility to help me set up the scanner (I don't see where to set it up)? Thanks.

    Hi Nicky,
    Yes,  you can download and install the software.  Yay!
    HP Deskjet 3050A e-All-in-One Printer series - J611
    Select your printer from the list ...
    Find and open the pdf document titled:
    Install Full Feature Software - Printer
    Good Luck!
    Click the Kudos Star!
    It is a great “Thank You” for the Experts who offer to help!
    Kind Regards,
    Dragon-Fur

  • Is it possible to set up a backup between two external drives

    Is it possible to set up a backup between two external drives?
    i use time machine to back up my imac onto an external 2T.
    i also have two external 3T drives.  i am looking for redundancy of data, tried software RAID and it failed.  i also see some limitations with RAID that a backup would avoid.
    thanks for sharing your expertise.
    be well,
    tony

    so thanks to all of you, particularly rkaufmann87 i have decided to stop the plan of setting up a software RAID set.  instead i have downloaded ccc and am in the process of setting up the second 3t external drive as a clone.  i will use time machine to back up the internal hard drive only and if possible see if i can clone that as well onto one of the 3t's.
    this gives me the peace of mind i sought and avoids the problem of total corruption that exists with the raid solution i was exploring.
    thank you all for making this an enjoyable and informative experience.  what a powerful community.
    be well
    tony

  • ThreadOpt values - is it possible to set them and what are the ranges?

    Hi there,
    I have a problem on my TestStand 4.2 platform, with test step result, formed and received from called external sequences results. In my Main sequence, in Post-Expression I defined condition, according to which the "Step.Result.Status" is passed or failed, and it works. But the problem is that in Status Expression field there is following statement: "(Step.Result.Status == "Done" && (Step.TS.SData.ThreadOpt == 0 || Step.TS.SData.ThreadOpt == 3)) ? "Passed" : Step.Result.Status". After deep search in the user manual, I found that (Note from "Expression Tab - Step Properties Dialog Box"): "Certain types of steps, such as Numeric Limit Tests, Multiple Numeric Limit Tests, String Value Tests, Pass/Fail Tests, and Statement steps, reserve one or more of these expressions to perform operations specific to the type of step or a substep performs the operation. In these cases, you cannot use the expressions the step type reserves, which appear dimmed on the tab." 
    Now, my problem is that at this specific step I call an external sequence, which returns results, and that is correct, but if these results, compared to the expected ones, are not the same, my step in the main sequence fails. Which is OK. But when the final report is generated I see there "Number of Tests Failed: 0", which is not OK. Since I can't change the "Step.Result.Status == Done", which comes from the external sequence, I thought that maybe there is a place to change the "Step.TS.SData.ThreadOpt" and this way cause the main sequence to correctly report "Failed Tests <> 0"?
    Does anyone have an idea whether it is possible to set the ThreadOpt value and what is the accepted range?
    Your feedback and input are highly appreciated.
    Stephan

    GSinMN wrote:
    Hello Doug,
      I didn't think I was modifying any hidden properties.  It's just configuring a sequence call step when you add it to the sequence.  The "Execution Options" are clearly shown in a dropdown menu on the Module tab.  I was just pointing out that this seems to be what sets the ThreadOpt variable.  
    GSinMN
    Maybe I misunderstood. When you said "My normal process is to set it to 1, but based on this info, it needs to be either set to None or Use Remote Computer if you want anything other than "Done" to be returned." I thought you meant that you were setting the property directly rather than setting your sequence call steps to "New Thread" with the combobox.
    -Doug
