106 Chapter 7 Managing Directory Access
To specify which groups of Active Directory user accounts have administrator
privileges:
1 In Directory Access, click Services.
2 If the lock icon is locked, click it and type the name and password of an administrator.
3 Select Active Directory in the list of services, then click Configure.
4 If the advanced options are hidden, click Show Advanced Options.
5 Select “Allow administration by” and enter the names of groups.
Use commas to separate group names. For security, group names must be qualified by
the domain name they are from (for example, ADS\Domain Admins,IL2\Domain Admins).
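The following pre-flight check for the "Allow administration by" value is an added example, not part of the original guide or of Directory Access. It flags entries that lack a domain qualifier before they are typed into the field; the function name, the DOMAIN\Group pattern, and the case-insensitive duplicate test are assumptions made for illustration.

```python
import re

# Assumption: entries use the DOMAIN\Group form shown in the guide's example.
# Group names may contain spaces ("Domain Admins"); domain prefixes may not.
_QUALIFIED = re.compile(r"^(?P<domain>[^\\\s,]+)\\(?P<group>[^\\,]+)$")


def check_admin_groups(value):
    """Split the comma-separated field and classify each entry.

    Returns (accepted, problems): accepted is a list of (domain, group)
    tuples; problems is a list of (entry, reason) tuples.
    """
    accepted, problems, seen = [], [], set()
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            problems.append((entry, "empty entry"))
            continue
        match = _QUALIFIED.match(entry)
        if match is None:
            # An unqualified name is ambiguous across domains, so it is
            # rejected here rather than guessed at.
            reason = ("malformed DOMAIN\\Group" if "\\" in entry
                      else "not domain-qualified")
            problems.append((entry, reason))
            continue
        domain, group = match.group("domain"), match.group("group").strip()
        # Assumption: names are compared case-insensitively for duplicates.
        key = (domain.upper(), group.upper())
        if key in seen:
            problems.append((entry, "duplicate"))
            continue
        seen.add(key)
        accepted.append((domain, group))
    return accepted, problems


if __name__ == "__main__":
    # Constructed sample input: two valid entries from the guide's example,
    # one unqualified name, one empty entry, and one duplicate.
    sample = r"ADS\Domain Admins,IL2\Domain Admins, Domain Admins,,ads\domain admins"
    ok, bad = check_admin_groups(sample)
    for domain, group in ok:
        print("accept:", domain + "\\" + group)
    for entry, reason in bad:
        print("reject:", repr(entry), "-", reason)
```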
Editing User Accounts and Other Records in Active Directory
You can use Workgroup Manager to make changes to user accounts, group accounts,
computer accounts, and other records in an Active Directory domain. You can also use
Workgroup Manager to delete records in an Active Directory domain. For instructions,
see the user management guide.
To create user accounts, group accounts, computer accounts, and other records in an
Active Directory domain, use the Microsoft Active Directory administration tools on a
Windows server administration computer.
Setting Up LDAP Access to Active Directory Domains
Using Directory Access, you can set up an LDAPv3 configuration to access an Active
Directory domain on a Windows server. An LDAPv3 configuration gives you full control
over mapping of Mac OS X record types and attributes to Active Directory object
classes, search bases, and attributes. Mapping of some important Mac OS X record
types and attributes, such as the unique user ID (UID), requires extending the Active
Directory schema.
An LDAPv3 configuration does not include many features of the Active Directory
plug-in listed in Directory Access. These include dynamic generation of unique user ID and
primary group ID; creation of a local Mac OS X home directory; automatic mounting of
the Windows home directory; cached authentication credentials; discovery of all
domains in an Active Directory forest; and support for Active Directory replication and
failover. See “Learning About the Active Directory Plug-in” on page 101 for more
information.
You can use Directory Access to create a configuration that specifies how Mac OS X
accesses a particular LDAPv3 or LDAPv2 directory.
LL2352.Book Page 106 Friday, August 22, 2003 3:12 PM