Skip to main content
Question

AD binding issues

  • October 1, 2008
  • 2 replies
  • 5 views
J
Forum|alt.badge.img+9

OK, so this time it's an AD binding issue:

Can I delete the /Active Directory/All Domains entry from my Authentication and Contacts search policies in Directory Utility with Casper? Every time I test my binding procedure, duplicate AD entries are displayed. I want to delete the existing one before creating a new one with a new bind.

Also, I can't seem to change the preferred order of the directories in the search policies. I want AD to appear before OD, but the dscl changei command to change the index doesn't like me. Can Casper handle this, too?

I have a feeling this should be easier than it's been and I'm doing something wrong...

Jeffrey A. Strauss
Department of Educational Technology
Systems Administrator
Loyola High School of Los Angeles
1901 Venice Blvd.
Los Angeles, Ca 90006
(213) 381-5121

    2 replies

    A
    • Anonymous
    • October 2, 2008

    Let me see if I understand You get a duplicate machine acct in AD after you
    have bound? If so it sounds like the acct used to bind does not have delete
    permissions to the machine acct object OR ownership of the object is taken
    by a privileged acct. Our AD guys have give us pretty much God like
    privileges to the Computers container (with the exception of move). This
    makes life a lot easier.

    J
    Forum|alt.badge.img+9
    • jstrauss
    • Author
    • Contributor
    • October 2, 2008

    Actually, I'm using the domain admin account to perform the binding.
    Late last night I resolved this by appending a dscl command to remove
    Authentication search policy entries to my unbind script. I don't know
    why it wasn't working, but it is now. :)

    Sent from my iPhone 3G

    Terms & ConditionsCookie settingsAccessibility statement