Hello all!
We're running an MS AD system for user authentication on our Mac clients, and we were having a bit of trouble with group lookups. We finally tracked it down to the fact that the '/all domains' authentication search path wasn't actually picking up all the groups for some reason, and some of our groups were under '/[DOMAIN NAME]' instead. If we set the search path to ONLY /[DOMAIN NAME] other groups were lost (authentication breaks as well), and adjusting our "allow authentication from all domains in the forest" option hasn't helped.
Anyway, besides the point. Once both /all domains and /[DOMAIN NAME] are setup in the search policy and contacts search paths, all the group information is pulled in and authentication works. Now we're looking for a a way to add /[DOMAIN NAME] to the search policy on all our Macs either via a script, or, preferably, a managed preference. I've searched around a bit, but so far haven't been able to find where this would be set.
Any tips?
Extra information:
OS X Lion clients
NOT a .local domain (anymore. This has fixed so many problems.)
Server 2003 with native schema
Casper 8.51 (will be updating to .52 soon)
