Chapter 8 Advanced Directory Client Settings
Mapping the Primary Group ID to an Active Directory Attribute
On a computer that’s configured to use Directory Utility’s Active Directory connector,
you can specify an Active Directory attribute that you want mapped to Mac OS X’s
primary group ID (GID) attribute in user accounts.
Usually, the Active Directory schema must be extended to include an attribute that’s
suitable for mapping to the primary GID:
• If the Active Directory administrator extends the Active Directory schema by
  installing Microsoft’s Services for UNIX, you can map the primary GID to the
  msSFU-30-Gid-Number attribute.
• If the Active Directory administrator manually extends the Active Directory schema
  to include RFC 2307 attributes, you can map the primary GID to gidNumber.
• If the Active Directory administrator manually extends the Active Directory schema to
  include the Mac OS X PrimaryGroupID attribute, you can map the primary GID to it.
If mapping of the primary GID is disabled, the Active Directory connector generates a
primary GID based on Active Directory’s standard GUID attribute.
WARNING: If you change the mapping of the primary GID later, users might lose
access to previously created files.
To map the primary GID to an attribute in an extended Active Directory schema:
1 Open System Preferences and click Accounts.
2 If the lock icon is locked, unlock it by clicking it and entering the name and password
of an administrator.
3 Click Login Options, then click Edit.
4 Click Open Directory Utility.
5 If the lock icon is locked, unlock it by clicking it and entering the name and password
of an administrator.
6 Click Services.
7 In the list of services, select Active Directory and click the Edit (/) button.
8 If the advanced options are hidden, click Show Advanced Options.
9 Click Mappings.
10 Select “Map user GID to attribute” and enter the name of the Active Directory attribute
you want mapped to the primary group ID in user accounts.
11 Click OK.
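The warning above follows from how files record group ownership: each file stores a numeric GID, so files created before a mapping change keep the GID the account used to have. The Python below is an added example, not part of the original guide; the function names and the old-to-new GID table (which the administrator builds by recording each account's primary GID before and after the change) are assumptions. It lists the affected files and regroups them only when dry_run is turned off.

```python
import os
import tempfile

def plan_regroup(root, gid_changes):
    """Return [(path, old_gid, new_gid)] for entries under root whose group
    owner is a GID retired by the mapping change.
    gid_changes: {old_gid: new_gid}, an administrator-supplied table (assumption)."""
    plan = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: inspect the link, not its target
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            if st.st_gid in gid_changes:
                plan.append((path, st.st_gid, gid_changes[st.st_gid]))
    return sorted(plan)

def apply_regroup(plan, dry_run=True):
    """Regroup each planned entry and return the paths handled.
    With dry_run=True nothing is changed on disk."""
    handled = []
    for path, old_gid, new_gid in plan:
        # Re-check ownership so an entry replaced since planning is left alone.
        if os.lstat(path).st_gid != old_gid:
            continue
        if not dry_run:
            # uid -1 keeps the owner; only the group is rewritten.
            os.chown(path, -1, new_gid, follow_symlinks=False)
        handled.append(path)
    return handled

if __name__ == "__main__":
    # Constructed demo: a temporary tree stands in for a user's home folder,
    # and the file's current GID plays the role of the pre-change primary GID.
    with tempfile.TemporaryDirectory() as home:
        sample = os.path.join(home, "report.txt")
        open(sample, "w").close()
        old_gid = os.lstat(sample).st_gid
        new_gid = old_gid + 1  # constructed value, not a real mapping result
        plan = plan_regroup(home, {old_gid: new_gid})
        for path, old, new in plan:
            print(f"{path}: group {old} -> {new}")
        print("would regroup:", apply_regroup(plan, dry_run=True))
```

Run it as a dry run first and review the list; applying the changes requires privileges to change group ownership on the listed files.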