Profile manager, app passwords and groups

Howdy
First question so be gentle!
We've been using Profile manager for a few months and everything is working fine, but now we have a need to achieve the following:
1. push out apps with usernames and passwords pre-filled (we use a number of apps that we share a login for - I realise this isn't ideal, but it's how the MD wants to do things) - is this possible?
2. Is it possible to organise apps into groups...so travel apps are pushed into a folder called 'Travel' etc.
Cheers
Laurence

I know youve probably already checked but are the ports open on the firewall as per http://support.apple.com/kb/HT5302 ?  I had problems doing the same until it twigged!
Cheers

Similar Messages

  • Why does the new version of Firefox not integrate with Norton 360 Identity Safe. Problem for me because I use Norton 360 Identity Safe to manage my passwords and make it more difficult to use password protected website without that add-in.

    I use Norton 360 Identity Safe to manage my passwords and it makes it difficult to use password protected website without that add-in.

    Norton release Firefox 8 compatibility already, instruction are here
    * http://community.norton.com/t5/Norton-360/Firefox-8-Support-for-Norton-Toolbar/td-p/581640

  • Failed to start Verify integrity of password and group files.

    I noticed during boot of this:
    # systemctl status -l shadow
    ● shadow.service - Verify integrity of password and group files
    Loaded: loaded (/usr/lib/systemd/system/shadow.service; static)
    Active: failed (Result: exit-code) since Wed 2014-04-23 12:28:32 IDT; 2s ago
    Process: 1017 ExecStart=/usr/bin/pwck -r (code=exited, status=2)
    Main PID: 1017 (code=exited, status=2)
    Apr 23 12:28:32 Host pwck[1017]: user 'mysql': directory '/home/mysql' does not exist
    Apr 23 12:28:32 Host pwck[1017]: pwck: no changes
    Apr 23 12:28:32 Host systemd[1]: shadow.service: main process exited, code=exited, status=2/INVALIDARGUMENT
    Apr 23 12:28:32 Host systemd[1]: Failed to start Verify integrity of password and group files.
    Apr 23 12:28:32 Host systemd[1]: Unit shadow.service entered failed state.
    How can i fix it?
    Last edited by Juszr (2014-04-23 09:32:09)

    [Solved] -- thanks hokasch
    I too am newly receiving this message, and have made no changes to users, groups, or passwords for at least a year.
    shadow.service - Verify integrity of password and group files
    Loaded: loaded (/usr/lib/systemd/system/shadow.service; static)
    Active: failed (Result: exit-code) since Wed 2014-04-23 16:01:13 EDT; 7min ago
    Process: 300 ExecStart=/usr/bin/pwck -r (code=exited, status=2)
    Main PID: 300 (code=exited, status=2)
    Apr 23 16:01:13 arch pwck[300]: user 'avahi': no group 84
    Apr 23 16:01:13 arch pwck[300]: user 'ntp': no group 87
    Apr 23 16:01:13 arch pwck[300]: pwck: no changes
    Apr 23 16:01:13 arch systemd[1]: shadow.service: main process exited, code=exited, status=2/INVALIDARGUMENT
    Apr 23 16:01:13 arch systemd[1]: Failed to start Verify integrity of password and group files.
    Apr 23 16:01:13 arch systemd[1]: Unit shadow.service entered failed state.
    Is it simply a matter of adding these to /etc/group?
    Last edited by bpeary (2014-04-23 22:47:30)

  • Hi.I changed my in-app password and i forgot it.How do i restore it?PLEASE HELP!!!

    Hi... I changed my in-app password and forgot it.How do i restore it? PLEASE HELP!!!!

    What in-app password?

  • Does Profile Manager support iOS7's Managed App Config and App Feedback?

    WWDC 2013 talk 301 mentions that iOS7 now supports pushing of app config plists and returning app feedback via new MDM commands.
    Does anyone know if Profile Manager supports this or is it only for MDM vendors?
    Apples POC app is on the developer web site here: Managed App Configuration
    The proejcts readme.txt says this:
    * The MDM server must support the ApplicationConfiguration setting and ManagedApplicationFeedback commands
    I see other iOS7 specific config profile settings but for the life of me can't find anything on this topic!

    At the moment seems that Profile Manager included in OSX Server 3.0 do not supports these features.
    I hope that will supports it through an upgrade because that could be super useful and I don't want to pay for another MDM provider and switch only for a single feature.

  • Profile Manager, Push, Kerberos and other oddities

    Hey all,
    First time setting up a Mac Server on our network, thought we'd give Lion a try since we're seeing more and more Macs make their way into our ranks. I'm having issues with the following areas, hopefully someone could shed some light.
    Push
    I can't for the life of me get push to work behind our Firewall. I opened up TCP Port 5223 as outlined in the Apple Docs but that doesn't get me anywhere. Do I need to NAT that port to the lion server? I thought that push sent notifications down to individual machines and then they went and grabbed the new config from the server? How does a firewall with NAT know what machine to send the notification to? Any help would be appreciated.
    Also, what are you supposed to manage users with, the Work Group Manager or the Profile Manager. It seems like apple is moving away from the WGM style of management, although you can't do everything in PM, like setting up home folders etc. Very confusing to a novice.
    Email Addresses in Profile Manager configurations and Webmail.
    I might be missing something really simple here, but no matter what I do the Profile Manager spits out a default payload for email with our FQDN as the email address for the user ([email protected]). I have set the local alias and checked the checkbox to allow our example.com domain to work. Manually setting the email address to [email protected] works just find. I'm a bit bothered that everytime I push a configuration out to a device I'll have to go back in and manually change the email address. Has anyone figured out how to change that?
    In webmail it always lists the email address as [email protected] instead of [email protected]. You can go in and edit the identity and all is right with the world, but that's sort of a pain? Seems like common sense that you could set that as the default.
    Kerberos
    I was excited to get a Single Sign On solution going for our users since it would come in handy, however, straight out of the box it just doesn't work.I'm also not sure what to look for in the logs to make sure that things are working smoothly. I'm joinging the client machines to the server by going into users and clicking join. Selecting the server from the drop down and hitting submit. Do I have to set up a search order and all that jazz or is that set up automatically then.  I can see that I'm getting tickets with the Ticket Viewer but I'm still getting prompted for passwords in mail, ichat, AFP etc. Close to giving up on that front.
    Any help or general words of encouragement appreciated. 

    Push
    You've opened the secure iChat port to have push notifications working? Take a look here for the right ports:
    http://help.apple.com/advancedserveradmin/mac/10.7/#apdCA9A73CE-5F0C-4BDC-93E8-2 952C362FA3E.
    On that page are all port numbers you need to forward to your server.
    Email
    The addresses being displayed as [email protected] is a bug in Lion Server in my opinion, you can file a bug report at apple.com/feedback.
    Kerberos
    Is as poorly documented as invisible in OS X Lion Server. Single Sign-On is a great tool for making services more user-friendly, it should be top of mind at Apple. You can file an enhancement request at apple.com/feedback.
    Regards,
    Mark

  • Cannot open firefox or profile manager, checked firewalls and allowed firefox

    I restored my system to 3 days before the issue and still won't work. When I run a compatibility check through windows 7 (64 bit) it tells me firefox is not compatible. Until 2 days ago I only used firefox now I have downloaded several times, uninstalled, changed firewall to allow firefox using windows or McAfee security, tried opening profile manager to create a new profile but my computer does nothing.
    error message in C:\program files (x86)\Mozilla firefox\browser\chrome.manifest
    "Windows cannot access the specified device, path, or file. You many not have the appropriate permissions to access the item"

    Note that using System Restore can cause your Firefox installation to get corrupted because not all files are restored (only files in a white-list), so be cautious with using System Restore.
    *You may lose data in the Firefox profile folder like .js and .ini files.
    Do a clean reinstall and delete the Firefox program folder before (re)installing a fresh copy of the current Firefox release.
    Download a fresh Firefox copy and save the file to the desktop.
    *Firefox 23: http://www.mozilla.org/en-US/firefox/all.html
    Uninstall your current Firefox version, if possible, to cleanup the Windows registry and settings in security software.
    *Do NOT remove personal data when you uninstall your current Firefox version, because all profile folders will be removed and you lose personal data like bookmarks and passwords from profiles of other Firefox versions.
    Remove the Firefox program folder before installing that newly downloaded copy of the Firefox installer.
    *(32 bit Windows) "C:\Program Files\Mozilla Firefox\"
    *(64 bit Windows) "C:\Program Files (x86)\Mozilla Firefox\"
    *It is important to delete the Firefox program folder to remove all the files and make sure that there are no problems with files that were leftover after uninstalling.
    *http://kb.mozillazine.org/Uninstalling_Firefox
    Your bookmarks and other personal data are stored in the Firefox profile folder and won't be affected by an uninstall and (re)install, but make sure that "remove personal data" is NOT selected when you uninstall Firefox.
    If you keep having problems then also create a new profile.
    *http://kb.mozillazine.org/Profile_folder_-_Firefox
    *http://kb.mozillazine.org/Profile_backup
    *http://kb.mozillazine.org/Standard_diagnostic_-_Firefox#Clean_reinstall

  • Reset calendars and contacts and profile manager, reset calendars and contacts and profile manager

    HI,
    I have succesfully re setup postgres with this set of instructions...
    Wki's now work, just need to re initialise calendars and contacts and maybe profile manager...
    serveradmin stop postgres_server
    serveradmin stop postgres
    mv /Library/Server/PostgreSQL\ For\ Server\ Services/Data{,-old}
    mv /Library/Server/PostgreSQL/Data{,-old}
    /Applications/Server.app/Contents/ServerRoot/System/Library/ServerSetup/Promotio nExtras/58_postgres_setup.rb
    /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/wipeDB. sh
    serveradmin start wiki
    /Applications/Server.app/Contents/ServerRoot/usr/bin/psql -U _postgres -h "/Library/Server/PostgreSQL For Server Services/Socket" -l
    /Applications/Server.app/Contents/ServerRoot/usr/bin/psql -U _postgres -h "/Library/Server/PostgreSQL For Server Services/Socket" postgres -c "\dg"
    bash-3.2# serveradmin stop postgres_server
    postgres_server:state = "STOPPED"
    bash-3.2# serveradmin stop postgres
    postgres:state = "STOPPED"
    bash-3.2# mv /Library/Server/PostgreSQL\ For\ Server\ Services/Data{,-old}
    bash-3.2# mv /Library/Server/PostgreSQL/Data{,-old}
    bash-3.2# /Applications/Server.app/Contents/ServerRoot/System/Library/ServerSetup/Promoti onExtras/58_postgres_setup.rb
    WARNING: enabling "trust" authentication for local connections
    You can change this by editing pg_hba.conf or using the option -A, or
    --auth-local and --auth-host, the next time you run initdb.
    WARNING: enabling "trust" authentication for local connections
    You can change this by editing pg_hba.conf or using the option -A, or
    --auth-local and --auth-host, the next time you run initdb.
    bash-3.2# /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/wipeDB .sh
    devicemgr:state = "STOPPED"
    postgres_server:state = "RUNNING"
    (in /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend)
    (in /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend)
    devicemgr:state = "STARTING"
    bash-3.2# serveradmin start wiki
    wiki:state = "RUNNING"
    bash-3.2# /Applications/Server.app/Contents/ServerRoot/usr/bin/psql -U _postgres -h "/Library/Server/PostgreSQL For Server Services/Socket" -l
                                            List of databases
           Name        |   Owner    | Encoding |   Collate   |    Ctype    |    Access privileges   
    -------------------+------------+----------+-------------+-------------+-------- -----------------
    caldav            | caldav     | UTF8     | en_GB.UTF-8 | en_GB.UTF-8 |
    collab            | collab     | UTF8     | en_GB.UTF-8 | en_GB.UTF-8 |
    device_management | _devicemgr | UTF8     | en_GB.UTF-8 | en_GB.UTF-8 |
    postgres          | _postgres  | UTF8     | en_GB.UTF-8 | en_GB.UTF-8 |
    template0         | _postgres  | UTF8     | en_GB.UTF-8 | en_GB.UTF-8 | =c/_postgres           +
                       |            |          |             |             | _postgres=CTc/_postgres
    template1         | _postgres  | UTF8     | en_GB.UTF-8 | en_GB.UTF-8 | =c/_postgres           +
                       |            |          |             |             | _postgres=CTc/_postgres
    webauth           | webauth    | UTF8     | en_GB.UTF-8 | en_GB.UTF-8 |
    (7 rows)
    bash-3.2#

    qwince wrote:
    Yes but my point is that the device may not be able to connect to the internet for a period of time.  Thus all devices will have different data on them.
    So you are constantly (multiple times per hour/day) changing contacts/calendars on different devices with no internet around?
    The data gets sync'd only when it changes.
    So you are out in the field with no internet.
    You make a change on your iPhone. It doens't get sync'd to your computer.
    Who cares,? Yo have the data on your phone and you don't have your computer.
    Now you drive back to town. When you get a data connection, everything sync's up.
    why remove the functionality to sync everything else at the same time, should the user choose or need to do so.
    The Sync Services functionality was removed from the OS, so there is nothing for iTunes to use.
    It still works in Windows.

  • How do I determine what is my CURRENT Profile, because Profile manager shows 3 and all the Q&As are ambiguous in that respect. Thx.?

    Yes, I see ambiguity. I also have some old backed up profiles and I have 3 profiles showing under the Profile Manager. The folder under "%APPDATA%\Mozilla\Firefox\Profiles\ " shows 2 of them, but HOW do I determine WHICH ONE is my current profile?? So far I was unable to browse up a clear answer. Thx.

    Somehow the newest Profile ''(Profile 2)'' ended up in the \Profiles\ folder instead of in it's own Profile folder which would have a name similar to the other two Profiles - 8 alpha / numeric string ''followed by'' a suffix, ''either Firefox assigned or user specified, like JP1''. <br />'''Default=1''' indicates the "active" Profile so we know that is the most current Profile.
    <pre><nowiki>[Profile2]
    Name=JP1
    IsRelative=1
    Path=Profiles
    Default=1 </nowiki></pre>
    ''Sorry, I need to break now for dinner right now, be back in 1/2 hour or so.''

  • Getting error reading settings with service profile manager. Why and what can I do to solve problem?

    Getting "error reading settings" with the service profile manager in Lion server OS. Why and what can I do to solve problem?

    I have also had the 'Error reading settings' problem in Profile Manager, despite trying everything in the discussions and clean reinstalls (which work for a little while only).
    It seems that various different fixes work for some people but not others; and the underlying cause of the problem has not been resolved.
    There are now numerous threads on this problem (there are yet others with similar problems):
    https://discussions.apple.com/thread/3189397
    https://discussions.apple.com/thread/3195100
    https://discussions.apple.com/thread/3212015
    https://discussions.apple.com/thread/3208533
    https://discussions.apple.com/thread/3249062
    https://discussions.apple.com/thread/3199734
    https://discussions.apple.com/thread/3212304
    I have posted this in each to try and pull things together a bit.
    Does anyone know if Apple has acknowledged the issue and offered an official response?

  • Firefox works fine on version 26. When it updates to version 27, i get undefined entity. I've tried getting profile manager to run and it won't. Need help

    Version 26 works fine. When it updates to version 27.01, I get undefined entity. I've tried uninstalling and then reinstalling. I've tried to bring up profile manager but it doesn't come up. I've tried deleting Firefox folders. I'm very disappointed that Firefox rolls out an update that causes problems. None of your recommendations is working and I really hate to lose Firefox but this is pathetic. I'm using version 26 as much as i can till someone gives me the right solution. Is there a simple link to click on that will clear up any old profiles and simply fix this issue?

    That means you need to clean reinstall.
    Certain Firefox problems can be solved by performing a ''Clean reinstall''. This means you remove Firefox program files and then reinstall Firefox. Please follow these steps:
    '''Note:''' You might want to print these steps or view them in another browser.
    #Download the latest Desktop version of Firefox from http://www.mozilla.org and save the setup file to your computer.
    #After the download finishes, close all Firefox windows (click Exit from the Firefox or File menu).
    #Delete the Firefox installation folder, which is located in one of these locations, by default:
    #*'''Windows:'''
    #**C:\Program Files\Mozilla Firefox
    #**C:\Program Files (x86)\Mozilla Firefox
    #*'''Mac:''' Delete Firefox from the Applications folder.
    #*'''Linux:''' If you installed Firefox with the distro-based package manager, you should use the same way to uninstall it - see [[Installing Firefox on Linux]]. If you downloaded and installed the binary package from the [http://www.mozilla.org/firefox#desktop Firefox download page], simply remove the folder ''firefox'' in your home directory.
    #Now, go ahead and reinstall Firefox:
    ##Double-click the downloaded installation file and go through the steps of the installation wizard.
    ##Once the wizard is finished, choose to directly open Firefox after clicking the Finish button.
    More information about reinstalling Firefox can be found [https://support.mozilla.org/en-US/kb/troubleshoot-and-diagnose-firefox-problems?esab=a&s=troubleshooting&r=3&as=s#w_5-reinstall-firefox here].
    Please report back to see if this helped you!
    Thank you.

  • Color profile management across LR and ps CS4

    Problem the same file when sent from LR to cs4 for fine tuning looks totally different its color.
    Therefore I'd like some advice on how to setup my color profiles for my monitor, LR and Photoshop CS4.  I shoot with Canon and the last articles have been advising to go with the Prophoto profile for it's large spectrum.
    I can set the monitor and CS4 to that....but what is LR's profile.  I can't even FIND the default.  I'm sorry.  I've poked around and poked around.
    I don't have any problems setting the profiles for printing....that part I got.
    I only used to use photoshop and didn't have these issues...but I'd like to get the programs sync'd.
    My OS is Vista.....shortly to be WIndows 7.
    Thanks in advance.
    janet

    No, the problem is that lots of monitors install profiles that have a
    corrupt perceptual rendering intent. This is very strange but unfortunately
    true. Especially Dell and Samsung monitors have this issue. Lightroom uses
    the perceptual intent if present and Photoshop uses relative to render to
    the display profile. This is only an issue on windows machines and you can
    check whether this is what is causing your problem by going to your
    monitor's properties dialog and clicking on the color management tab. There
    you should delete any profile you see. This will make windows assume that
    your monitor is sRGB and should make Lightroom and Photoshop render
    identically. This is only a test. Both will render the image wrong since
    your monitor is unlikely to be exactly sRGB. The ONLY way to get correct
    color in any program whether it be Photoshop or Lightroom is to calibrate
    and profile your monitor using one of the hockey puck calibrators. You can
    have a reasonable one (Spyder 2 or Huey Pro) for under $100. Better ones are
    $150 to $250 and often include printer profiling too. The cheapest ones do a
    very good job already if you're not too extremely critical.
    Note that we have seen literally hundreds of issues like this on this forum
    all caused by bad monitor profiles. People only noticed that this was
    happening because they compared Lightroom to Photoshop and saw a difference.
    They were having bad color in every app before already.

  • Profile Manager App Restrictions

    We’re looking to restrict a group of users in regards to the apps they can use.  I understand the list of specific Apps is based on the Apps installed on the server.  As we’re not interested in installing suites of Developer apps on our server, I thought we could use the Allow Folder and Disallow Folder options.
    The current setup is as follows;
    Allow:
    /System
    /Library
    /Applications
    ~/Library
    ~/bin
    Disallow:
    /Users/Shared
    ~/
    We hoped this would block any apps where a Standard User would typically install - but give them access to a user-level bash and the ability to download homebrew, mysql and various command-line tools.
    The issue is; "Disallow ~/" seems to supersede  “Allow ~/Library, ~/bin”, meaning a user cannot run apps within those folders - including bash.  Does anyone have a creative solution to such a problem?
    We contemplated to Disallow each sub-folder in the home directory (music, movies, downloads), except ~/Library and ~/bin, but if the user catches on, they can create a subfolder labeled abc and suddenly go wild.
    Thanks in advance.

    You seem much more advanced the I am but i fell like trying.
    I wondered if you have the correct order in ACLs and POSIX.
    ACLs preceed POSIX. OS X goes in the ACL top down and at the first Allow or Deny it find for an object (ACL are slightly different for files and folder), it takes it, skipping anything else for that object.
    Also tricky in ACLs is that if you don't select, for example, an allow, then it not disallowed, it's just undefined.
    If nothing is definded in ACLs, OS X fall onto POSIX. Since everyone is member of workgroup (or staff, depends), it's a big complex sauce.
    There's propagation of ACLs and inheritance (explicit or not) that I have to relook in.
    Let know of how you solved it please.

  • Oracle VM Manager 3 User and groups

    Hi!
    Has anybody know something about howto manage users/groups in OVM3? I didn't find any information in the user's guide and there isn't such as configuration tabs or options in the web interface.
    Thanks!

    From what I've gathered talking to support is this:
    OVM 3 is not well suited for single node implementations. You also should not mangle with the remaining space of the primary disk that has OVM Server installed on it. If one tries to do so - as I have, and exports the space as NFS for use with OVM 3 it will loop back on itself and cause errors I've reported in my post.
    The only way to try such (lab) implementation is to use external NFS for server pool creation - or better yet, use external NFS for images and don't even enable clustering in server pool definition (meaning you would not use local physical disks for storage repository at all).
    It's my impression Oracle put great effort into making a clustered solution that would scale very well. It's just not meant for single server implementations - which in reality make no sense anyway.
    If you come across such problems, now you know. :-)

  • Unable to push user profiles to AD groups with Profile Manager since upgrade to Server v3

    Since upgrading our OS X Mac server from 10.8.5 to 10.9.1, and OS X Server app to v3 (now 3.0.2) I have been unable to push or modify user profiles to AD groups (or AD users) using Profile Manager. This was working fine on OS X 10.8.5. Pushing device profiles is still working OK after the upgrade.
    From what I can see from the logs on the client side and server side, it seems related to a problem with the mdm authtoken.
    In the client console I can see this entry:
    27/01/14 14:30:15.844 mdmclient[38557]: *** ERROR *** [Agent:636102071] Unable to proceed with connection to: https://ourserver.ourdomain/devicemanagement/api/device/mdm_connect (com.apple.mdmconfig.mdm) because don't have valid MDM AuthToken
    On the server, in the php.log I can see the corresponding attempt to authenticate:
    1::Jan 27 14:29:50.930 [158] <192.168.28.171> {require_once (mdm_checkin.php:11)} vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv - PUT mdm_checkin
    0::Jan 27 14:29:50.931 [158] <192.168.28.171> checkin: 'UserAuthenticate'
    1::Jan 27 14:29:50.936 [158] <192.168.28.171> {Target_for_incoming_request (target.php:209)} Found target NETWORK LS: <User[156]@ourclientmachine>
    0::Jan 27 14:29:50.937 [158] <192.168.28.171> {LabSession_validate_auth_token (mdm_checkin.php:22)} Failed auth for target NETWORK LS: <User[156]@Device[1697]>, incoming_request={
    0::Jan 27 14:29:50.937 [158] <192.168.28.171>   'MessageType'=>'UserAuthenticate',
    0::Jan 27 14:29:50.937 [158] <192.168.28.171>   'UDID'=>'17aff5c5a40f51acbbd78023d0028c80',
    0::Jan 27 14:29:50.937 [158] <192.168.28.171>   'UserID'=>'A5EA25B7-7CCD-4EF4-B240-F23DED275EEC'
    0::Jan 27 14:29:50.937 [158] <192.168.28.171> }
    1::Jan 27 14:29:50.965 [158] <192.168.28.171> {SendFinalOutput (mdm_checkin.php:145)} Sent Final Output (407 bytes)
    1::Jan 27 14:29:50.965 [158] <192.168.28.171> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - /devicemanagement/mdm/mdm_checkin
    0::Jan 27 14:29:50.965 [158] <192.168.28.171> {SendFinalOutput (mdm_checkin.php:145)} Completed in 34ms | 200 OK [https://ourserver.ourdomain/devicemanagement/api/device/mdm_checkin]
    So I can see there is a failure to authenticate, but don't really know how to troubleshoot this further. Or maybe this is just a bug in the new server app?
    I have tried to remove and re-enroll clients in Profile Manager but no joy there.
    In the client's Keychain I can see an MDM user AuthToken linked to the correct user account.
    Thanks in advance for any help or suggestions

    I just wanted to update my post, as this issue for me is resolved.
    I uninstalled and reinstalled the Server.app on our Mac server, since then I've been able to push profiles to AD Users and Groups. I guess that in my case the Server app got into a bit of a mess when it was upgraded to v3.
    Now the next headache I have is that my AD Groups which are displayed in Profile Manager are not syncing any recent changes. I think I'm probably seeing the same issue as described in this post
    https://discussions.apple.com/message/25420919#25420919

Maybe you are looking for