Specifications
To add or remove Active Directory group accounts whose members have
administrator privileges:
1 Open System Preferences and click Accounts.
2 If the lock icon is locked, unlock it by clicking it and entering the name and password
of an administrator.
3 Click Login Options, then click Edit.
4 Click Open Directory Utility.
5 If the lock icon is locked, unlock it by clicking it and entering the name and password
of an administrator.
6 Click Services.
7 In the list of services, select Active Directory and click the Edit (/) button.
8 If the advanced options are hidden, click Show Advanced Options.
9 Click Administrative
10 Select “Allow administration by” and change the list of Active Directory group accounts
whose members you want to have administrator privileges:
Add a group by clicking the Add (+) button and entering the Active Directory Â
domain name, a backslash, and the group account name (for example, ADS\Domain
Admins, IL2\Domain Admins).
Delete a group by selecting it in the list and then clicking the Delete (–) button. Â
11 Click OK.
Controlling Authentication from All Domains in the Active
Directory Forest
On a computer that’s congured to use Directory Utility’s Active Directory connector,
you can permit users in the Active Directory forest to authenticate from all domains, or
you can restrict authentication to users from individual domains.
To control whether users can authenticate from all domains in the forest:
1 Open System Preferences and click Accounts.
2 If the lock icon is locked, unlock it by clicking it and entering the name and password
of an administrator.
3 Click Login Options, then click Edit.
4 Click Open Directory Utility.
5 If the lock icon is locked, unlock it by clicking it and entering the name and password
of an administrator.
6 Click Services.
17 0 Chapter 8 Advanced Directory Client Settings