Skip to main content
Question

LDAP Server with AD Binding - Cannot change password

C
Forum|alt.badge.img+3

Hey Everyone,
So I've got a predicament here. This is the back story:

We have 4 DC's, DC1, DC2, DC01 and DC02

LDAP binding was setup for DC1
The Directory Binding setup within the Casper Policy went to CORP.xxxx.xxxx (FQDN)

DC1 at some point stopped replicating changes made.

We decommissioned DC1 and moved the DHCP and DNS roles to another DC

Now Mac users cannot change their password. It says "the Server is Unavailable"

I've changed the LDAP server settings to match the new DC that has the DHCP and DNS roles but the computers that were bound to AD with the Casper policy won't allow the password change.

Unbinding and re-binding to AD allows them to change their password.

Also, specifying a preferred domain controller WITHOUT unbinding does not work.

Is there a way to force the LDAP server changes to the computers that were joined to the domain with Casper without having to unbind and rebind?

    3 replies

    davidacland
    Forum|alt.badge.img+18
    • davidacland
    • Valued Contributor
    • 1811 replies
    • November 9, 2015

    Are you using cached accounts? It sounds like they've completely lost communication with the domain.

    There is some info in /Library/Preferences/OpenDirectory/Configurations/Active Directory/YOURDOMAIN.plist that might allow you to alter the DC the clients are looking at, although it does sound like a re-bind is needed to me.

    C
    Forum|alt.badge.img+3
    • cfullerton
    • Author
    • New Contributor
    • 2 replies
    • November 9, 2015

    We have mobile accounts setup as part of the domain binding.

    It doesn't look like there's anything in that PLIST that shows the old, decommissioned DC ther than the FQDN under "trust domain", "domain" and "forest"

    davidacland
    Forum|alt.badge.img+18
    • davidacland
    • Valued Contributor
    • 1811 replies
    • November 9, 2015

    Another route could be to re-bind one of the Macs to AD and compare the different between the two files. That might indicate a change that could correct the issue.

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings