
5. If the lock icon is locked, unlock it by clicking it and entering the name and password
   of an administrator.
6. Click Services.
7. In the list of services, select Active Directory and click the Edit (/) button.
8. Click Unbind, authenticate as a user who has rights to terminate a connection to the
   Active Directory domain, and click OK.
   If you see an alert saying the credentials weren’t accepted or the computer can’t
   contact Active Directory, click Force Unbind to forcibly break the connection.
   If you forcibly unbind, Active Directory still contains a computer record for this
   computer. Notify the Active Directory administrator so the administrator knows to
   remove the computer record.
9. In the Services pane, deselect Active Directory’s Enable setting, then click Apply.
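
Step 8 notes that a forced unbind leaves the computer record behind in Active Directory. As an added example (not part of the original guide), this Python script flags computer records in an LDIF-style export whose pwdLastSet and lastLogonTimestamp values are both missing, zero, or older than a cutoff, which is how leftover records typically show up in an audit. The sample export, the names in it, and the 90-day threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample export (hypothetical names and domain, not real data).
SAMPLE_LDIF = """\
dn: CN=mac-lab-01,CN=Computers,DC=example,DC=com
pwdLastSet: 133485408000000000
lastLogonTimestamp: 133485408000000000

dn: CN=mac-lab-02,CN=Computers,DC=example,DC=com
pwdLastSet: 133223616000000000
lastLogonTimestamp: 133223616000000000

dn: CN=mac-lab-03,CN=Computers,DC=example,DC=com
pwdLastSet: 0
"""

def filetime_to_dt(value):
    """Convert an AD FILETIME (100 ns ticks since 1601-01-01 UTC); 0 means never set."""
    ticks = int(value)
    return None if ticks == 0 else FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def parse_records(ldif):
    """Split simple LDIF into one attribute dict per entry (no base64 or folded lines)."""
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, val = line.partition(": ")
            if sep:
                entry[key] = val
        if "dn" in entry:
            yield entry

def stale_computers(ldif, now, max_age_days=90):
    """Return (dn, last_seen) for records with no activity inside the window."""
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for e in parse_records(ldif):
        seen = [filetime_to_dt(e[a]) for a in ("pwdLastSet", "lastLogonTimestamp") if a in e]
        seen = [t for t in seen if t is not None]
        last = max(seen) if seen else None
        if last is None or last < cutoff:
            stale.append((e["dn"], last))
    return stale

if __name__ == "__main__":
    for dn, last in stale_computers(SAMPLE_LDIF, datetime.now(timezone.utc)):
        print(dn, "last activity:", last or "never")
```

A record flagged here is a candidate for review by the Active Directory administrator, not proof of a forced unbind; a computer that has simply been powered off for the window looks the same.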

Editing User Accounts and Other Records in Active Directory

You can use Workgroup Manager to make changes to user accounts, group accounts,
computer groups, and other records in an Active Directory domain. You can also use
Workgroup Manager to delete records in an Active Directory domain.
If the Active Directory schema has been extended to include standard Mac OS X
record types (object classes) and attributes, you can use Workgroup Manager to create
and edit computer groups in the Active Directory domain.
For more information about working with user accounts, group accounts, and
computer groups, see User Management.
To create user or group accounts in an Active Directory domain, use the Microsoft
Active Directory administration tools on a Windows server administration computer.

Setting Up LDAP Access to Active Directory Domains

Using Directory Utility, you can set up an LDAPv3 configuration to access an Active
Directory domain on a Windows server. An LDAPv3 configuration gives you full control
over mapping Mac OS X record types and attributes to Active Directory object classes,
search bases, and attributes.
Mapping some important Mac OS X record types and attributes, such as the unique
user ID (UID), requires extending the Active Directory schema.
An LDAPv3 conguration does not include the following features of the Active
Directory connector listed in Directory Utility:
• Dynamic generation of unique user ID and primary group ID
• Creation of a local Mac OS X home folder
172 Chapter 8 Advanced Directory Client Settings