Chapter 7 Managing Directory Access
6 Click Bind, authenticate as a user who has rights to set up a connection to the Active Directory domain, and click OK.

Name and Password: You may be able to authenticate by entering the name and password of your Active Directory user account, or the Active Directory domain administrator may have to provide a name and password.

OU: Enter the organizational unit (OU) for the computer you’re configuring.

7 Optionally, set the advanced options.

If the advanced options are hidden, click Show Advanced Options.

“Cache last user logon for offline operation”: Select this option to enable the use of offline credentials without modifying the Active Directory schema. This is considered the default setting for users logging in to the computer. An equivalent capability is provided by managed client settings in an Open Directory domain and most LDAP directory domains. If a user account has actual managed client settings, then this option is ignored.

“Authenticate in multiple domains”: Select this option to allow users from any domain within the forest to authenticate on this computer. If this option is unchecked, a list of specific domains within the forest will be presented when you configure a custom Authentication search policy so that you can add domains individually to the search policy.

“Prefer this domain server”: Select this option to specify the DNS name of the server whose Active Directory domain you want used by default. If the server becomes unavailable in the future, the Active Directory plug-in automatically falls back to another nearby server in the forest. If this option is unselected, the Active Directory plug-in automatically determines the closest Active Directory domain in the forest.

“Map UID to attribute”: If the Active Directory schema has been extended to store a unique UID (unique user ID) for each user—usually because the Active Directory server has already been configured to support UNIX computers—you can specify the attribute that stores the UID. If this option is unselected, a UID is automatically generated based on Active Directory’s standard GUID attribute.

“Allow administration by”: Select this option to specify a list of groups whose members are allowed to do administrative tasks on this computer (for example, install software). Use commas to separate group names in the list. For security, group names must be qualified by the domain name they are from (for example, ADS\Domain Admins,IL2\Domain Admins). This option is useful if you have desktop administrators who need administrative access but are not domain administrators.

If you want the computer to access the Active Directory domain you just configured, you must make sure Active Directory is enabled in the Services pane.
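The domain-qualification rule for “Allow administration by” can be checked before a group list is entered. The following is an added example, not part of the original guide or of Apple's software: the function name `audit_admin_groups`, the list of expected domains, and the sample strings other than the guide's own ADS\Domain Admins,IL2\Domain Admins are assumptions made for illustration.

```python
import re

# Assumption: entries use the DOMAIN\Group form shown in the guide,
# for example ADS\Domain Admins.
QUALIFIED = re.compile(r"^(?P<domain>[^\\/,\s][^\\/,]*)\\(?P<group>[^\\/,]+)$")


def audit_admin_groups(value, expected_domains):
    """Audit a comma-separated "Allow administration by" list.

    Returns (accepted, findings). An entry is accepted only if it is
    qualified by a domain in expected_domains and is not a repeat.
    """
    expected = {d.upper() for d in expected_domains}
    accepted, findings, seen = [], [], set()
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            # Stray comma: nothing between two separators.
            findings.append(("empty", entry))
            continue
        match = QUALIFIED.match(entry)
        if match is None:
            # No DOMAIN\ prefix (or malformed), so the group's origin is ambiguous.
            findings.append(("unqualified", entry))
            continue
        domain = match.group("domain").strip()
        group = match.group("group").strip()
        key = (domain.upper(), group.upper())  # names compare case-insensitively
        if key[0] not in expected:
            findings.append(("unexpected-domain", entry))
        elif key in seen:
            findings.append(("duplicate", entry))
        else:
            seen.add(key)
            accepted.append(f"{domain}\\{group}")
    return accepted, findings


if __name__ == "__main__":
    # Constructed sample: one good entry, then four problem entries.
    sample = r"ADS\Domain Admins, Domain Admins,,LAB\Desktop Admins,ads\domain admins"
    ok, problems = audit_admin_groups(sample, ["ADS", "IL2"])
    print("accepted:", ok)
    for kind, entry in problems:
        print(f"{kind}: {entry!r}")
```

An unqualified name such as a bare Domain Admins is the case to watch when “Authenticate in multiple domains” is selected, because more than one domain in the forest can contain a group with that name.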
LL2352.Book Page 103 Friday, August 22, 2003 3:12 PM