Manualshelf

Specifications

ManualsBrandsApple ManualsComputer equipmentMac OS X Server Command-Line
151152153154155156157158159160
Using Advanced Active Directory Service Settings
You can congure a server with Mac OS X Server or a computer with Mac OS X to
access an Active Directory domain on a Windows 2000 or Windows 2003 server.
For task descriptions and instructions, see:
 About Active Directory Access on page 15 8
 Conguring Access to an Active Directory Domain on page 160
 Setting Up Mobile User Accounts in Active Directory on page 163
 Setting Up Home Folders for Active Directory User Accounts on page 164
 Setting a UNIX Shell for Active Directory User Accounts on page 165
 Mapping the UID to an Active Directory Attribute on page 166
 Mapping the Primary Group ID to an Active Directory Attribute” on page 167
 Mapping the Group ID in Group Accounts to an Active Directory Attribute
on page 168
 Specifying a Preferred Active Directory Server on page 169
 Changing the Active Directory Groups That Can Administer the Computer
on page 169
 Controlling Authentication from All Domains in the Active Directory Forest
on page 170
 Unbinding from the Active Directory Server on page 171
 Editing User Accounts and Other Records in Active Directory on page 172
Alternative methods for accessing an Active Directory domain are relevant for some
networks. See Setting Up LDAP Access to Active Directory Domains on page 172 .
About Active Directory Access
You can congure Mac OS X to access basic user account information in an Active
Directory domain of a Windows 2000 or later server. This is possible because of an
Active Directory connector for Directory Utility. This Active Directory connector is listed
in the Services pane of Directory Utility.
You do not need to make schema changes to the Active Directory domain to get basic
user account information. You might change the default Access Control List (ACL) of
specic attributes so computer accounts can read user properties.
The Active Directory connector generates all attributes required for Mac OS X
authentication from standard attributes in Active Directory user accounts. The
connector also supports Active Directory authentication policies, including password
changes, expirations, forced changes, and security options.
158 Chapter 8 Advanced Directory Client Settings