Help

Odd Active Directory group behavior

jarednichols
Honored Contributor

Posted on ‎03-22-2010 11:52 AM

Hi-

Our new Macs with 10.6.2 are being deployed on our Active Directory domain.
We're specifying in the AD-plugin group(s) that should be allowed to
administer the computer if a member logs in, such as our help desk and local
IT folks (if a group is equipped with them).

The odd behavior is that if you're in that AD group when you log in, you
receive your Admin privs just fine. However, the account does not cache
(even though other accounts do) and you do not have Admin rights unless the
computer can communicate with the domain controller. This includes if the
machine goes to sleep and you wake it up. Before sleep you had Admin, after,
you don't.

Has anyone ever seen this? It certainly doesn't seem like it's the way it
should be.

Thanks
j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

0 Kudos
Reply
3 REPLIES 3

ernstcs
Contributor III

Posted on ‎03-22-2010 11:59 AM

I have not seen this.

Not an issue with workstations that stay on the network.

Not on laptops where the binding has create mobile account at login checked in the binding in the JSS.

Craig E

0 Kudos
Reply

ClassicII
Contributor III

Posted on ‎03-13-2013 06:47 AM

Sorry to drag this old post out. But is any one still seeing this?

We are noticing the same behavior now in 10.8.2. Maybe this is the way it works all the way back to 10.6.

0 Kudos
Reply

franton
Valued Contributor III

Posted on ‎03-13-2013 06:56 AM

We've got this issue on 10.8.2 as well. In fact during a single session I can gain, lose and regain admin rights multiple times.

0 Kudos
Reply