Why do some computers join OD and have a dollar sign ($) appended to the name?

This question has been asked before here a few times with nobody being able to really definitively answer it (see: 2027636, 5979187, and 11144245).  It has been a couple of years and versions of OS X server and I am running into this same issue.  I am working on building an image to deploy Mavericks to our office computers and have been working on a script to set the hostname and join it to OD.  As a result I've been joining and unjoining this computer to our local OD server in an attempt to get the script working.  In the course of my troubleshooting, I've noticed that a number of computers in our domain have a $ appended to the name.  In fact, when I join my computer "office-test" it shows up in both workgroup manager and directory utility as 'workgroup-test$'.  If I remove the dollar sign from the end of the name in workgroup manager, the light next to the network server name goes from green to red on the client (in System Preferences -> Users & Groups -> Login Options).  The reason this has been an issue for me is that the script attempts to populate some attributes and make the computer join groups on the server (so it can get the proper MCX settings), but since my script is using 'office-test' as the computer name and not 'office-test$', it is failing.  We do have other computers with the $ appended (mostly windows machines).  We also have hosts that don't have the $.  Does anyone know why this happens and how to prevent/correct/change it?
This is what I'm trying to do:
#set variables
odserver=SERVER
odbindacct=ACCOUNT
odbindpass=PASS
computername=office-test
computerGroup=officegroup
#set hostname
scutil --set ComputerName ${computername}
scutil --set LocalHostName ${computername}
scutil --set HostName ${computername}.DOMAIN.TLD
#join OD
dsconfigldap -v -N -f -a ${odserver} -n ${odserver} -c ${computername} -u ${odbindacct -p ${odbindpass} -e
#update attributes
dscl -u ${odbindacct} -P ${odbindpass} /LDAPv3/${odserver} -merge /Computers/${computername} RealName ${computername}
#get GUID
GUID="$(/usr/bin/dscl -u ${odaccount} -p ${odpass} /LDAPv3/${odserver} -read /Computers/${computername} GeneratedUID | awk '{ print $2 }')"
# Add to computergroup/list
dscl -u "${odbindacct}" -P "${odbindpass}" /LDAPv3/${odserver} -merge /ComputerGroups/${computerGroup} GroupMembership ${computername}
dscl -u "${odbindacct}" -P "${odbindpass}" /LDAPv3/${odserver} -merge /ComputerGroups/${computerGroup} GroupMembers "${GUID}"
dscl -u "${odbindacct}" -P "${odbindpass}" /LDAPv3/${odserver} -merge /ComputerGroups/${computerGroup} Member ${computerid}
dscl -u "${odbindacct}" -P "${odbindpass}" /LDAPv3/${odserver} -merge /ComputerLists/${computerGroup} Computers ${computername}
In Directory Utility, I do see the following attributes/values set
AppleMetaRecordName (cn=office-test$,cn=computers,dc=[HOST],dc=[DOMAIN],dc=[TLD])
AuthenticationAuthority array ((;ApplePasswordServer;[HEX DATA]) (;Kerberosv5;;office-test$@[HOST].[DOMAIN].[TLD];[HOST].[DOMAIN].[TLD];))
RealName: (office-test$)
RecordName (office-test$)
ENetAddress ([MAC ADDRESS])
GeneratedUID ([UID])
HardwareUUID ([UUID])

I have observed the same issue on some 10.8.5 servers with 10.8.5 clients
This behavior happens when authenticated bind have been enabled on server.
Once authenticated, binded computers receive a ComputerName change during boot which append the dollar sign as appears in workgroup manager on server
System logs on clients computers shows
UserEventAgent receiving the $ name from _workstation._tcp.local (Workgroup Manager https://developer.apple.com/library/mac/qa/qa1312/_index.html)
and mDNSResponder updating/enforcing Computer Name accordingly.
Moreover, a binded computer will typically have « System Preferences ->> Sharing ->> Computer Name » option geyed out
The workaround i found:
1) moved  macosxodpolicy back from « authenticated bind required » to « enabled » and remove the $ sign from the end of each Computer name in workgroup manager.
This allows to keep reliables computers names for mcx administration on workgroup manager but
on the other hand, as you pointed out, this will also block network users on client computers.
so on clients computers:
2) Unbinded to clean the authentication entry and performed a simple bind —> without authenticated binding ( -f option) and admin/privileged network user (-l -u options)

Similar Messages

  • HT4914 why do some songs grayed out and only available when connected on wifi when trying to stream on iphone?

    why do some songs grayed out and only available when connected on wifi when trying to stream on iphone?

    I had this problem too - of grayed out music I could only play when in WIFI.  I noticed when looking in iTunes, these grayed song were not chosen by me to sync on to my iPhone. They were stored in iCloud.  I went to Settings > Music and then turned off "Show All Music" so only music that has been dowloaded to my iPhone will be shown. 
    I don't have iTunes Match, so you may have a different issue than what I had.

  • Why we need two Joins (Left and Right)

    Hi,
    Why we need two joins while we can do it just by replacing the tables?
    Query 1.
    SELECT e.ename, d.dname
    FROM emp e LEFT JOIN dept d ON e.deptno = d.deptno ;
    Query 2.
    SELECT e.ename, d.dname
    FROM emp e RIGHT JOIN dept d ON e.deptno = d.deptno ;
    The same result of Query 2 can be get from following query with LEFT JOIN.
    Query 3.
    SELECT e.ename, d.dname
    FROM dept d LEFT JOIN emp e ON e.deptno = d.deptno ;
    So why we need LEFT and RIGHT Joins while we can do this by just replacing tables position ( as in Query2 and Query3).
    Regards,
    Danish

    Danish wrote:
    Any other suggestions?What do you find lacking in the answers that have been suggested so far?
    Why would you restrict the syntax so that you only had one of the two syntax options? That forces developers to write queries in a particular way. If you only had a LEFT OUTER JOIN operator, for example, the first table would always have to be the one that drove the number of rows in the result set. Sometimes (most of the time in my experience), that's a sensible way to approach the problem. But occasionally you get problems where you want to start with the sparse tables and join to the denser tables and having the RIGHT OUTER JOIN makes it much easier to approach the problem that way.
    Re-ordering the tables in a query using ANSI syntax is also not necessarily a trivial endeavor. If you're working on building up a query (i.e. join 3 tables, verify the results, join a fourth table, verify the results, etc.) it's potentially non-trivial to change the order of the tables-- you may find that you've inadvertently changed the semantics of your query and now you have to backtrack a bit to verify the new logic.
    It's also the same reason that you have multiple ways to write a loop or multiple ways to iterate through a collection. While it's completely possible to rewrite any loop in the form
    LOOP
      <<do something>>
      EXIT WHEN <<something>>
      <<do something else>>
    END LOOP;that's not always the clearest way to express a piece of logic. Generally, a nice FOR loop or a nice WHILE loop is simply a clearer and cleaner solution. Similarly, sometimes a LEFT OUTER JOIN is a clearer way of expressing a SQL statement and sometimes a RIGHT OUTER JOIN is a clearer way of expressing it.
    Justin

  • Just joined bt and have a real big problem!!!!

    hello there i was very happy untill this morning with my new bt infinity package which was installed last tuesday.i have only just realised with horror that i have taken delivery of the wrong tv box.we have chosen a humax youview box when we should have opted for a bt vision+ box so we could receive the extra 18 channels and sport.we ordered over the phone and i was told it was just a matter of paying a £10 fee to get espn and i didnt realise the extra channels i was paying an additional £12.50 for was the six packs add on which is completely different.anyway i rang up this morning and was told it would cost £199 to change boxes!!!!!!.is this correct??.if so ive got a year with a useless box with next to nothing i want to watch!!.what are my options please.
    on the plus side i am delighted with the phone and broadband!!

    jezstatham
    Visitor
    Posts: 3
    Registered: ‎14-04-2013
    Re: just joined bt and have a real big problem!!!!
    on ‎14-04-2013 22h57
    stuart can you give me a bit more info about the schedule for the humax box being enabled?
    It is scheduled for the summer but lime all schedules it could slip. It requires an update to the software
    They are currently working on delivering this service to those who have the existing boxes ie the Black Vision Box. The two separate platforms will disappear in time with YouView being the future. Have you checked to see if your exchange is multicast enabled
    Life | 1967 Plus Radio | 1000 Classical Hits | Kafka's World
    Someone Solved Your Question?
    Please let other members know by clicking on ’Mark as Accepted Solution’
    Helpful Post?
    If a post has been helpful, say thanks by clicking the ratings star.

  • I can't find preferences for the notes app. and every once in awhile some of my notes just disappear at start up, I see the name and then it refreshes and they are gone, very annoying. Can anyone tell me why it does this and how to stop it? thanks

    I can't find preferences for the notes app. and every once in awhile some of my notes just disappear at start up, I see the name and then it refreshes and they are gone, very annoying. Can anyone tell me why it does this and how to stop it? thanks

    Hi again, I am on an iMac using OSX 10.7.5, I"ve taken screenshots to show you I think my settings are correct

  • I work for company and we use HTC phones .. We are thinking of changing to iPhone...  We use destiny pens and have been advised that apple blocks the Bluetooth for this device... Why

    I work for company and we use HTC phones about a hundred  .. We are thinking of changing to iPhone...  We use destiny pens and have been advised that apple blocks the Bluetooth for this device... Why...?

    Apple doesn't "block" that device. They just don't support the Bluetooth profiles the Destiny pen requires. You can see the Bluetooth profiles included in iOS here:
    http://support.apple.com/kb/HT3647
    and the profiles required for the pen here:
    http://www.destinywireless.com/flash/#/thedigitalpen/compatibility/bluetooth_com patibilty/
    Perhaps another pen such as the A4 Smart Pen would work for you in place of the Destiny device:
    http://apenusa.com/productdetail.php?product_id=4
    Regards.

  • Why?  Why can't I run iMovie and have it

    Why? Why can't I run iMovie and have it ask me whether I want to load an existing project or new one? I don't see a setting for this in Preferences.
    thanks

    I haven't gone to the trouble of actually testing to see which uses more CPU power, but Firefox has been faster than Safari on every Mac I've ever owned.
    To see CPU usage by process, open the terminal (in Utilities) and enter 'top' at the command line. You might have to expand the window as processes don't appear in any logical order.
    It could also be hardware-related: I have late 2009 mini with similar specs and it pinwheels easily.

  • Why are some text messages blue and some green

    Why are some text messages blue and some green?

    Blue text messages are iMessages (with other iOS and Mac users with iMessage enabled).
    Green are regular SMS messages to non-iPhone users and iPhone users with iMessage not enabled.

  • Why does some of my music not appear in my music app on the iPhone but I can search and play it through iPhone search?

    A few albums and songs are in my iPhone 4S but don't appear in my music app, to play them, I must search for it using search iPhone

    This seems like a very innocent post, but in digging more on the problem I've also seen this (some music recopies with every sync) with 9.1.1 level code. Apple Software Update said my system was fine, and iTunes itself also said it was up to date. However the reported code level is 9.1.1.11 rather than 9.1.1.12. After I manually downloaded and installed the most current .12 version, on 2 different machines btw, I noticed that the library needed to be updated yet again. Let me tell you that on a 1TB library this takes a long long time.
    After another re-copy cycle, and did some more sync tests and this time I'm not getting the re-copy to happen, so the problem appears to be cleared up.
    Again, issues like this are magnified significantly on systems with very large library.

  • Why can't I assign hardware and guest os profiles to servers in the new SCVMM 2012 Service Templates?

    Trying to learn SCVMM 2012, but I'm confused about how Guest OS and Hardware Profiles work with the new 2012 Service Templates.
    I create a Hardware Profile and a Guest OS Profile. Then I open the Create VM Template wizard. In this wizard I can assign the Hardware and Guest OS profiles I created under the Configure Hardware and Configure Operating System steps in the wizard.
    If I open the new Service Template wizard, select a Single Tier Server (for example), open the Service Template Designer and go to the properties of the server I find under Hardware Configuration and OS Configuration I cannot assign my Hardware and Guest OS
    profiles to the server.
    Why is this? It seems like extra work to have not be able to assign these profiles to servers in a service template. Is there something fundamental I'm missing here?

    I have the same issues with the equipment I maintain. Two things are consistent that I see between this forum and my set up. I had 10.5 on all our Macs and each of them could connect with out issue to the shares on a windows xp machine. I have three Mac computers I am working with. 1. My main computer a MacBook Pro 2.4ghz core 2 duo, an Intel iMac, and an older Mac Pro G5 running OS 10.5 server.
    I have another server running kiosk or signage displays that is a windows xp machine. All of my macs could access the windows xp machine by clicking on it and authenticating to it and then the shares will show up.
    I upgraded my MacBook Pro first to 10.6 and have been unable to connect to the windows shares ever since. Keep getting Authenticatoin failure. So my work around is to transfer files to the 10.5 macs and then screen share one of them and access the windows share from them. Spoke with Apple support and they could not help and said it was a know issue but did not have a solution.
    Last week I upgraded the iMac to 10.6 and it too, now will not authenticate to the windows shares.
    Here are the strange things... I can take my macbook pro home and access all windows shares on my home networked computers. I even took the windows xp machine home from work to test it and I was able to connect to the shares without issue from my Macbook pro.
    Two things stand out ... you mentioned a Cisco router and we use a Cisco router at work. Also, both of us have upgraded to 10.6 and authentication fails at that time.
    Problem is between OS 10.6 and the Cisco routers I believe. I am not sure how to fix the issue though.

  • Why when I copy a cell and paste into another it pastes into the middle of three cells?

    Why when I copy a cell and paste into another it pastes into the middle of three cells? I was very fond of using numbers as it was straightforward and much better than Excel. But I made the mistake of installing Mavericks and Numbers 3.0. Now it is worse than Word at doing what it thinks it wants to do rather than what you want to do. I can no longer copy a cell and paste it into another. For some reason on pasting, instead of pasting into just one other cell it pastes into the middle of three cells - what the ****?

    Thanks Badunit for your quick response
    I have found the answer - it is a incompatabilty between CopyPaste Pro and Numbers: -
    Thanks dbg1596 - solved my problem with which I wasted a good couple of hours getting more and more frustrated with numbers 3.0
    I had the same problem - copy a cell - paste into another cell and it created three vertical cells with the pasted data in the middle
    Definitely a problem between CopyPaste Pro - one of the most useful aps on my Mac for the last many years
    Once I quit CopyPaste Pro - no problem with pasting in Numbers 3.0
    But I use CopyPaste Pro all the time
    Have the folks responded to your query?
    But I use CopyPaste Pro all the time - hope that it can be sorted sooner rather than later

  • Or some reason everytime i got to my membership for pet insurance it says wrong password the i go back to IE 11 and it lets me sign in with the same password...

    for some reason everytime i got to my membership for pet insurance it says wrong password then i go back to IE 11 and it lets me sign in with the same password...What gives..do I have to have 8 different browsers to get into certain accounts...lol...help

    Hi vikadelic,
    Do you store your passwords in the browser? If so, you may want to update them to make sure that they are trying to login with the right credentials: [[Password manager - Remember, delete and change saved passwords in Firefox]]
    If that is not the case, it may be an old stored cookie: [[Delete cookies to remove the information websites have stored on your computer]]

  • When I first open Firefox it is fine but if I open a second tab to search another site I get a white screen and have to continually click 'back', click the site link, white screen, back, click the link, white screen and so on.

    When I first open Firefox it is fine but if I open a second tab to search another site I get a white screen and have to continually click 'back', click the site link, white screen, back, click the link, white screen and so on.

    This can also be a problem with the files [http://kb.mozillazine.org/sessionstore.js sessionstore.js] and sessionstore.bak in the [http://kb.mozillazine.org/Profile_folder_-_Firefox Profile Folder]
    Delete [http://kb.mozillazine.org/sessionstore.js sessionstore.js] and sessionstore.bak in the [http://kb.mozillazine.org/Profile_folder_-_Firefox Profile Folder]
    If you see files sessionstore-##.js with a number in the left part of the name like sessionstore-1.js then delete those as well.
    You will have to redo App Tabs and Tab Groups after deleting sessionstore.js.
    See:
    * http://kb.mozillazine.org/Session_Restore

  • HT1311 I changed my apple id and have a gift card credit on the old account which I no longer use.  How do I transfer the gift card $ to my new apple id?

    I changed my apple id and have a gift card credit on the old account which I no longer use.  How do I transfer the gift card $ to my new apple id?

    Click here and request assistance.
    (75296)

  • I bought my iPhone 4 in Canada and have been using it here for the past 7 months. In september i will be moving to the UK and am wondering if I get a UK sim card will I be able to use it as my cell phone over there?

    I bought my iPhone 4 in Canada and have been using it here for the past 7 months. In september I will be moving to the UK and am wondering if I get a UK sim card will I be able to use it as my cell phone over there?

    Hi: I don't believe that Telus provides unlocking for the iPhone. Other phones, yes, iPhone no.
    Follow-up info from Telus:
    http://www.telusmobility.com/en/BC/Unlock-Device/unlocking_your_device.shtml?eVa r6=link
    Stedman

Maybe you are looking for