Yosemite/Active Directory/Windows Server

After upgrading two iMacs from Mavericks to Yosemite, both now fail to connect to user accounts created with Windows Server2012. When using Mavericks I did not have this issue. Any thoughts? I did unbind but now the binding process fails as well.

This fixed my problem- Network Preferences/Advanced/DNS then add the NAME of your local server to the search domain. Click apply. Next, open Directory Utility and unbind the computer. Lastly, Bind the computer making sure to input the name of the local server in the space for Active Directory Domain (the same name you added to the Search Domain) and click on Bind. Hope this works!

Similar Messages

  • Cucm 9.1.2 and Active Directory(Windows Server 2003 Standart Edition SP2)

      Hello!
     Can CUCM 9.1.2 support an integration with Active Directory(Windows Server 2003 Standart Edition SP2)? How do I have to write down LDAP Manager Distinguished Name? I can find supporting only Active Directory 2003 in documentations without reference to Operation System.

    Yes, it is possible.
    Check this how-to if you have any doubts about the process.
    http://blog.ipexpert.com/2010/04/28/cucm-and-active-directory-integration/
    http://www.markholloway.com/blog/?p=1189

  • Problems with lion 10.7.3 and active directory ( windows 2008 )

    Hi all,
    Since LION 10.7.3 , i can't loggin my mac pro into a active directory ( windows server 2008 ).
    The lion walk round and round but impossible to connect the AD ? !
    In LION 10.7.2 , it was possible ......
    What can i do ?
    Thank in advance for help
    BHT

    Whats up guys! Thanks for the response and sorry for the delay!
    I tried that, Strontium90, no good! I was able to disable mobileconfirm using your command line, but we're still prompted with the same message when a new user logs in. See screenshots:
    Thoughts?

  • Error Pop-Up Activator on windows server

    I use windows server 2008 R2  active already but some month i remote to server has error  . How to fix it ?

    Ok, so MAK can be a little more sensitive to hardware changes, and, will require re-activation with the online MS webserver (or via telephone).
    This can also happen in a KMS environment, but that is usually transparent and re-activates silently.
    For your MAK scenario, you will need to re-activate this server.
    Follow the activation procedure you used, when you first installed the server.
    (probably, if the server does have internet access, you can just execute: cscript slmgr.vbs /ato )
    refer: http://technet.microsoft.com/en-us/library/ff793398.aspx
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • Restore Active Directory on Server 2008 using NTDS.DIT file

    hello
    I have NTDS.DIT file with me and want to restore it on same hardware with same host name and IP
    Please help

    Hi Rochak,
    You have only the NTDS.DIT file? 
    No its not possible to restore the AD only using NTDS.DIT. You need to have the System state backup.  
    System state backup and restore operations include all system state data: you cannot choose to backup or restore individual components
    due to dependencies among the system state components. However, you can restore system state data to an alternate location in which only the registry files, Sysvol directory files, and system boot files are restored. The Active Directory database, Certificate
    Services database, and Component Services Class Registration database are not restored to the alternate location.
    http://technet.microsoft.com/en-us/library/cc938537.aspx
    Regards,
    Rafic
    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

  • Active Directory, Windows 2003 SP2 Server and SMB shares

    I have 10 new iMacs that will be returned and exchanged for 10 HP wintels if I can't resolve an issue with SMB shares in Mac OS X 10.4.9.
    We had an old win 2000 server, and all the macs could mount their smb shares without problems.
    Recently we upgraded to two new 2003 sp2 servers, one of them the domain controller, and we can't mount their SMB shares. I followed this http://weblog.bignerdranch.com/?p=6&page=3 and/or this http://allinthehead.com/retro/218/accessing-a-windows-2003-share-from-os-x to allow AD authentication, but still, I can't mount the 2003 shares (but can with the 2000 ones!!!).
    If I enable SFM (services for macintosh) then I can mount the shares, but:
    1) the network is slower (I supouse is due to appletalk implementation)
    2) and worse, names with more than 32 characters or with some special characters are not allowed. This renders 30% of our archives unavailable with the AFP solution.
    I also used all the authentication methods (Plain text apple, plain text windows, etc.) but no one works.
    I have now 10 days to find a solution, or all "my" macs will dissapear forever.
    Please, some advice or point to documentation.
    G4, G5, iMac Intel, Mac Book Pro, etc   Mac OS X (10.4.9)  

    Do you just want to mount arbitrary share from the win servers or do you want the macs to be bound to AD?
    The first requires the steps from your second link (allinthehead.com) but the latter (bind to AD) requires things like proper use of DNS, time synchronisation for kerberos to work and proper configuration as described in your first link (bignerdranch.com).
    Here are some more links for the latter (AD intergration):
    http://www.bombich.com/mactips/activedir.html
    http://www.afp548.com/article.php?story=20051202151540574&query=ad-od
    HTH
    -Ralph

  • Active Directory & Weblogic Server - No users?

    I created a new security realm (name = AD Realm) so that I could play around and
    see what works. However, I'm running into trouble. I can't see the list of users.
    I'm assuming that once I have all the setting correct, WebLogic will go out and
    get the list of users. I created an ActiveDirectoryAuthenticator in the console
    with the host, principal and credential correct. I also set UserNameAttribute="sAMAccountName",
    UserBaseDN="DC=intranet,DC=dev" and UserFromNameFilter="(&(sAMAccountName=%u)(objectclass=user))"
    I've also made a web app that uses JNDI and which contacts the AD directly. It
    is able to get information back using the same values that I plugged into the
    console.
    The log file seems to be no help.
    Windows2000, Weblogic 7
    Thanks,
    Gary

    Hi Gary
    The ADS authenticator supplied doesnt allow you to list users through
    the WLS console . As of now only the users createdin embedded ldap
    server will be displayed through the WLS console
    try testing witha webapp (configured for security) to make sure that
    the users are authenticating correctly
    Gary Kephart wrote:
    I created a new security realm (name = AD Realm) so that I could play around and
    see what works. However, I'm running into trouble. I can't see the list of users.
    I'm assuming that once I have all the setting correct, WebLogic will go out and
    get the list of users. I created an ActiveDirectoryAuthenticator in the console
    with the host, principal and credential correct. I also set UserNameAttribute="sAMAccountName",
    UserBaseDN="DC=intranet,DC=dev" and UserFromNameFilter="(&(sAMAccountName=%u)(objectclass=user))"
    I've also made a web app that uses JNDI and which contacts the AD directly. It
    is able to get information back using the same values that I plugged into the
    console.
    The log file seems to be no help.
    Windows2000, Weblogic 7
    Thanks,
    Gary

  • Active Directory Connector server Error

    Dear All,
    I've faced this Exception while i've run AD reconciliation job  , the following is the connector server Error
    ConnectorServer.exe Information: 0 : Starting connector server: C:\Program Files (x86)\Identity Connectors\Connector Server
        DateTime=2013-06-26T08:24:23.3332424Z
    ConnectorServer.exe Information: 0 : Started connector server
        DateTime=2013-06-26T08:24:23.3801180Z
    ConnectorServer.exe Information: 0 : Server started on port: 8759
        DateTime=2013-06-26T08:24:23.3957432Z
    ConnectorServer.exe Information: 0 : Stopping connector server
        DateTime=2013-06-26T08:24:53.6617556Z
    ConnectorServer.exe Information: 0 : Stopped connector server
        DateTime=2013-06-26T08:24:53.6930060Z
    ConnectorServer.exe Information: 0 : Starting connector server: C:\Program Files (x86)\Identity Connectors\Connector Server
        DateTime=2013-06-26T08:47:53.0780484Z
    ConnectorServer.exe Information: 0 : Server started on port: 8759
        DateTime=2013-06-26T08:47:53.3749291Z
    ConnectorServer.exe Information: 0 : Started connector server
        DateTime=2013-06-26T08:47:53.3749291Z
    ConnectorServer.exe Information: 0 : Creating new pool: ConnectorKey( bundleName=ActiveDirectory.Connector bundleVersion=1.1.0.6380 connectorName=Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector )
        DateTime=2013-06-26T13:35:45.8003033Z
    ConnectorServer.exe Error: 0 : Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: The server is not operational.
       at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.ExecuteQuery(ObjectClass oclass, String query, ResultsHandler handler, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 824
       at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.RawSearcherImpl`1.RawSearch(SearchOp`1 search, ObjectClass oclass, Filter filter, ResultsHandler handler, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1223
       at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.RawSearcherImpl`1.RawSearch(Object search, ObjectClass oclass, Filter filter, ResultsHandler handler, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1194
       at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.SearchImpl.Search(ObjectClass oclass, Filter originalFilter, ResultsHandler handler, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1156
       at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244
       at ___proxy1.Search(ObjectClass , Filter , ResultsHandler , OperationOptions )
       at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609
        DateTime=2013-06-26T13:46:24.7813215Z
    ConnectorServer.exe Error: 0 : Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: The server does not support the requested critical extension.
       at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.ExecuteQuery(ObjectClass oclass, String query, ResultsHandler handler, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 824
       at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.RawSearcherImpl`1.RawSearch(SearchOp`1 search, ObjectClass oclass, Filter filter, ResultsHandler handler, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1223
       at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.RawSearcherImpl`1.RawSearch(Object search, ObjectClass oclass, Filter filter, ResultsHandler handler, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1194
       at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.SearchImpl.Search(ObjectClass oclass, Filter originalFilter, ResultsHandler handler, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1156
       at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244
       at ___proxy1.Search(ObjectClass , Filter , ResultsHandler , OperationOptions )
       at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609
        DateTime=2013-06-26T13:46:33.2346088Z
    ConnectorServer.exe Error: 0 : System.IO.IOException: Unable to write data to the transport connection: An established connection was aborted by the software in your host machine. ---> System.Net.Sockets.SocketException: An established connection was aborted by the software in your host machine
       at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
       at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       --- End of inner exception stack trace ---
       at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at System.IO.BufferedStream.FlushWrite()
       at System.IO.BufferedStream.Flush()
       at Org.IdentityConnectors.Framework.Impl.Serializer.Binary.BinaryObjectEncoder.Flush() in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\SerializerBinary.cs:line 291
       at Org.IdentityConnectors.Framework.Impl.Api.Remote.RemoteFrameworkConnection.Dispose() in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiRemote.cs:line 132
       at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.Run() in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 380
        DateTime=2013-06-26T13:46:33.3908618Z
    ConnectorServer.exe Error: 0 : System.IO.IOException: Unable to write data to the transport connection: An established connection was aborted by the software in your host machine. ---> System.Net.Sockets.SocketException: An established connection was aborted by the software in your host machine
       at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
       at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       --- End of inner exception stack trace ---
       at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at System.IO.BufferedStream.FlushWrite()
       at System.IO.BufferedStream.WriteByte(Byte value)
       at Org.IdentityConnectors.Framework.Impl.Serializer.Binary.InternalEncoder.WriteInt(Int32 v) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\SerializerBinary.cs:line 179
       at Org.IdentityConnectors.Framework.Impl.Serializer.Binary.InternalEncoder.WriteObject(ObjectEncoder encoder, Object obj) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\SerializerBinary.cs:line 112
       at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessRequest() in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 462
       at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.Run() in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 370
        DateTime=2013-06-26T13:46:33.3908618Z
    Thanks
    Shereen

    In the troubleshooting section of the guide, couple of reasons for this exception are mentioned. Maybe you can browse through them.
    Troubleshooting

  • Upgrading from Mavericks to Yosemite breaks Active Directory. Is there a fix / work-around?

    I work for an organization that uses Active Directory  (Windows Server 2008, I believe) for user account management and also for managing printer shares. Until Yosemite, OS X worked brilliantly with AD and our user accounts and machines were bound easily and reliably. When any user upgrades to Yosemite, the process occurs without a hitch except that AD connectivity breaks.
    The color indicator for Network Account Server in Users & Groups is green, indicating that believes the connection to the directory server is OK. If you select "Edit" for the directory configuration - everything looks as it did before. However, if one attempts to access the Active Directory tree using Directory Utility it displays the error "Connection failed to node '/Active Directory/COMPANY/All Domains'. If one uses the command line utility 'dscl' to attempt to list AD entries, you also get errors:
    > ls Active\ Directory/COMPANY
    All Domains
    > ls Active\ Directory/COMPANY/All\ Domains
    ls: Invalid Path
    <dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
    If I go to add a printer, I can no longer retrieve the printer list from the domain.
    I have checked, and there DNS search domains are correctly configured and fully configured properly on all the computers involved. They can all ping the AD servers, and if I used dig to check for SRV records for LDAP (_ldap._tcp.directory.company.com), they are correct.
    Does anyone have an idea what's going on? What's changed and how to fix it?

    We spent over a month trying to find a fix for this issue, and even your fix didn't work.
    Same as you we have forest AD.LOCAL and domain as domain.com.
    We are sure the DNS settings are fine, the green light is on and it even authenticate as it said my password will expire in X days. But it never pass the loading login screen.
    Can anyone assist please?
    Thanks.

  • Active Directory 2003 and Sun One Directory Server 5.2

    I just installed Sun One Directory Server 5.2 on a Linux machine. I want to configure LDAP on that machine so that it can be authenticated on Active Directory 2003. How do I go about doing this?

    Active Directory server is a "directory server" (and kerberos server.) If your linux client authenticates against Active Directory it doesn't have to involve the Sun Directory Server at all. You have several general approaches you could investigate:
    1. Linux client gets accounts and and authentication via LDAP from Active Directory
    If you use AD to handle unix LDAP authentication (opt 1) you may need to extend schema in AD to add the unix password field. I haven't tried it yet, but hope to.
    2. Linux client gets accounts from AD LDAP and authorization from AD Kerberos.
    There should be docs on support.microsoft.com on enabling kerberos support for non-Win clients.
    3. Linux client (with samba client installed, with winbind or pam_smb to support unix level services) gets accounts and authentication as a "Windows" client from Active directory "Windows server"
    Check the samba.org docn or forums- I think this is a pretty common solution.
    4. Linux client gets account information from Sun Directory server but uses kerberos (against active directory) for authentication.
    There should be docs on support.microsoft.com on enabling kerberos support for non-Win clients.
    5 Linux client gets account and authorization from Sun Directory server, which the sun Directory server configured to use Active Directory as a Kerberos server.
    Probably incredibly complex.

  • How to transfer user accounts from Active Directory to Open Directory

    Please help me , want to tranfer user accounts from Active Directory (Windows server 2012 ) to Open Directory (OS X server 10..2.9)

    Hi,
    Go to the advanced administration for the OSX Server:
    https://help.apple.com/advancedserveradmin/mac/3.1/#apd6D7FE39D-32AA-400C-91E1-5 0ABC15655C8
    This pretty easy way of connecting your server to the Windows server should give AD users access to OD services. That will be a good start.
    Read up on this as well:
    http://support.apple.com/kb/PH15469
    Do you want to import them all or just the Mac users?
    Goodluck!
    Jeffrey

  • Problu00E8me avec BO Active directory

    Post Author: julien_troubat
    CA Forum: Administration
    Bonjour, nous avons récemment migré des utilisateurs d'un groupe de travail dans un domaine Active Directory Windows Server 2003. La machine cliente est sous windows 2000. Les données étaient précédemment stockées en locale sur la machine. Lors de la migration nous déplaçons les documents des utilisateurs sur le serveur Active Directory dans leur dossier personnel.  Le problème étant que lorsque on execute une requête (stockée maintenant sur le serveur), Windows nous renvoit une erreur nous disant : le fichier (ou un de ses composants) est introuvable. Vérifiez que le chemin et le nom de fichier sont corrects, et que toutes les bibliothèques requises sont disponibles. Si on essaie de lancer BO, rien ne se passe.  J'ai donné le controle total à l'utilisateur sur le dossier de BO dans Program Files, ainsi que sur c:orant Quelle est la solution ? Merci d'avance n'hésitez pas à demander pour plus de précisions.  

    Hi,
    thats a really old Version. There were some issues prior to SP2 with updating the AD Graph on schedule base.
    I would recommend to update to SP3 before doing deeper troubleshooting.
    Regards
    -Seb.

  • Issues logging in with 10.8 (Mountain Lion) Active Directory

    Having an issue when when "some" users try to login to ML the desktop never comes up. There is just a spnning wheel next to the password and the only way to cancel it is to do a hard reboot. These same user have no issues loggin to 10.7 (Lion) or 10.6 (Snow Leopard). When I login as the local admin I can see the home folder for the user that tried to login.

    Active Directory - WIndows Server 2008 R2
    Orginzation is just one of the 7 domains in a forest. The users that are able to login are generic ones that are created in our domain. The ones that can not login are ones with that have information in 2 domains. 1 in our domain (AD) and 1 in another domain (Exhange) not sure if that is the reason or not. Tired putting only our domain in authentication search policy and unchecking "Allow authentiation from any domain in the forest". Also tried "perfer this domain server" with no luck.

  • ACS 4.2.0.124 Appliance with Active Directory with windows 2008

    we have a solutions of 802.1x with Cisco ACS appliance wich is working fine, the soluction include two ACS appliance version 4.2.0.124, 02 remote Agent wich is setting up on windows 2003. The remote agent is integrated with Active Directory windows 2003. The computers have windows XP with service pack 2 and service pack 3, all computers do machine authentication and then user authentication. My customer in thinking in migrate the Active Directory windows 2003 to windows 2008. My question is ¿there wil be some problem with Active Directory 2008 with the current soluctión of ACS and 802.1x solution ? or I will have to do aditional task.     
    Marco

    Hi,
    You can find the suported Windows Server versions on the online documentation:
    ACS 4.2: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/windows/install.html#wp1041376.
    ACS 4.2.1: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/Installation_Guide/windows/install.html#wp1041376.
    So, i would suggest you to double-check carefuly the Release and Service Pack of the new 2008 Servers and also the OS bit version to make sure you migrate to Win2008 but continue on a supported scenario.
    HTH,
    Tiago
    If   this helps you and/or answers your question please mark the question  as  "answered" and/or rate it, so other users can easily find it.

  • Windows Server 2008 R2 activation via KMS failure

    Hello,
    I'm trying to activate about 20 Windows Server 2008 R2 via KMS. Before that I have successfully activated Windows 7 clients and Microsoft Office 2010 products. But when I try to activate Windows Server 2008 R2 clients via kms I'm getting the following error
    on the KMS host: 
    . Exception System.Runtime.InteropServices.COMException (0xC004F074)
    KMS host installed on the machine with Windows 7 Professional OS. From the VAMT GUI I can see the following Windows server license information :
    Key Type : CSVLK
    Edition : ServerStandard;ServerEnterprise;ServerWeb;ServerHPC
    Description : Server 2008 R2 Std and Ent Volume.
    If I try to activate product from the client I get the following error : 
    Error: 0xC004F074 The Software Licensing Service reported that the computer could not be activated. The Key Management Service(KMS) is unavailable. 
    I have searched a lot about this error. But still cannot solve the issue. 
    Thanks & Regards
    Ulzii

    Yes KMS host is Windows 7. I read all documents about KMS but haven't read this doc. So I have to change KMS host or add Win Server KMS host, that's right?
    Yes that's right. Windows "Client" OS editions, when setup as KMShost, cannot issue activations for Windows "Server" OS editions.
    To do so, you will need a KMShost product key for Windows Server - you will only have such a product key if you have purchased Windows Server licenses through Volume Licensing.
    (The Windows 7 KMShost product key cannot be installed on Windows Server OS)
    http://social.technet.microsoft.com/wiki/contents/articles/22510.volume-activation-kms-mak-adba-avma.aspx
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

Maybe you are looking for