- Jamf Nation Community
- Products
- Jamf Pro
- Re: Off Topic
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Off Topic
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-26-2009 08:19 AM
Our Sr. SysAdmin is trying to migrate our OD to a new box. From 10.4 to 10.5 (or beyond)
It seems that he cannot migrate it over intact... having the users
passwords migrate also.
He would have to migrate it over and then have the users all change
their passwords.
Our company is not large, @300 users, but we need to get this done
without user intervention.
We are a mostly Mac company but we do have 40 or so windows machines
bound to the domain.
I know some of you have much larger installations than I have... how did you overcome this issue?
This is sort an off topic request, although i can see where using casper to bind the Macs to OD again is a Casper thing.
Thanks
Peter
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-26-2009 08:56 AM
Peter,
This can be easily remedied several different ways. First and foremost the only time you can preserve user passwords is if you do a full archive of LDAP in OS X Server. It is really not best practice to do this when migrating from one version to the next. The best practice is to export your users/groups to plain text and reimport them. Then set, say a master password for all user accounts and then check the box that says "Force password change on next log in." This way the user will log in with the password of say, monday, and once they log in using that password they will be prompted to pick a new one.
If you don't own a license to the app called Passenger I really recommend you go ahead and get it. It is a very awesome GUI tool designed to tailor import files into OD. I use it all the time. It has a few other features in the app itself that are useful as well, and couple more that I don't use at all. I wrote up a tech article and review of it on my site (yeah I know another shameless self plug).
http://tlarkin.com/tech/passenger-v379-review
Now if you do scrap it and redo all users, they will have a new UID and it will not match the old UID that is assigned to the home folder. Passenger has batch permission jobs it can run to remedy this. I also have a few shell scripts I have written myself that do the same thing on the client side which I would gladly share with you.
As for binding the client, Casper can do that easily. It has a built in easy button. I use a script to bind my clients that I have Casper run at first boot post imaging. You can also set your OD server to set bindings via DHCP services. That is, if you decide to have your OS X Server run DHCP.
In my humble opinion, Passenger is well worth the $100 to $150 you pay for it. I have 30+ servers and 7,000+ user accounts that I manage in my 1:1 deployment and I think I created every user account with in a few hours in one day using Passenger this summer. Your Sys Admin will really like it.
-Tom
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry: 913-449-7589
office: 913-627-0351
chown -R us /.base
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-17-2011 05:12 AM
Is there any features that timecapsule brings to the table that a
standard external hard drive doesn't for use with Time Machine?
I mean, I can get 2+TB drives for a fraction of the cost of the 1TB
TimeCapsule...
John Wojda
Lead System Engineer, DEI & Mobility
3333 Beverly Rd. B2-338B
Hoffman Estates, IL 60179
Phone: (847)286-7855
Page: (224)532.3447
Team Lead DEI: Matt Beiriger
<mailto:mbeirig at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Fe
edback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.>
Team Lead Mobility: Chris
<mailto:cstaana at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Fe
edback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.> Sta
Ana
Mac Tip/Tricks/Self Service & Support
<http://bit.ly/gMa7TB>
"Any time you choose to be inflexible in your approach to an
unpredictable project you are already building failure into your plan"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-17-2011 07:01 AM
Wireless/Network backup is about all I can think of that you gain.
John
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-17-2011 07:12 AM
And a wireless base station.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-17-2011 08:55 AM
You can do a defaults write to enable the use of a USB hard drive connected to a regular Airport Extreme base station. You do it on each client machine
http://www.engadget.com/2007/11/10/how-to-enable-time-machine-on-unsupported-volumes/
This is what I have at home and I prefer it to running a Time Capsule. Mainly because you can't partition the drive in a Time Capsule (or at least couldn't at the time) so that some is network backup and some is network storage. You *can* do this with an externally attached USB drive that you partition before hooking it to the Extreme base station.
Best of all worlds. More features, upgradability of your storage and it's far cheaper.
j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-22-2011 03:55 PM
I think the defaults write is not needed any more: http://arstechnica.com/apple/news/2008/03/finally-airport-extreme-usb-disk-time-machine-backup.ars
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-23-2011 06:58 AM
Nope. It's still needed. That update was short-lived.
j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-31-2011 10:57 AM
Hi Folks,
Our Mac which utilize the Casper Imaging process seem to be losing their AD connection. Although the setting is still visible in the directory tool, the connection is red until the Mac is rebooted. I would like to get to the root cause of this.
While I know this is a functional issue and not related to Casper imaging, I am just curious who else has run into this with your Macs.
We have a magic triangle solution in place and works really well. In addition, all of the lab Macs in question are on 10.6.8.
Any thoughts or experiences would be most greatly appreciated.
Mick
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-31-2011 11:26 AM
For me it was checking the search policy. For some reason I'd always get multiple Active Directory listings for Authentication and Contacts. After removing duplicates, I was able to get the green light on 10.5 and 10.6.
Hope this helps.
--Noah
