Comments for Mac Admin Corner http://blog.macadmincorner.com General IT and Mac administration ramblings Wed, 10 Mar 2010 15:52:59 +0000 http://wordpress.org/?v=2.9.1 hourly 1 Comment on Leopard Active Directory Integration Headaches by Jared http://blog.macadmincorner.com/leopard-ad-integration-headaches/comment-page-1/#comment-406 Jared Wed, 10 Mar 2010 15:52:59 +0000 http://170.140.189.180/blog/?p=51#comment-406 @Patrick - I have several macs bound to the domain, but after working for some time (successfully authenticating to the domain) - they stop authenticating when connected to the network. AD account and password status are perfectly ok and verified, but when trying to authenticate with AD credentials and connected to the network, authentication fails. If the user simply disconnects the network connection, they are able to authenticate successfully. They are using a mobile account, and their password should be cached anyway, but something weird seems to be happening when the mac is contacting the domain controller. Any ideas? I was just wondering if you have come across this before. This is happening on a couple of computers running 10.5.8 and 10.6.2. Thanks for any suggestions! @Patrick – I have several macs bound to the domain, but after working for some time (successfully authenticating to the domain) – they stop authenticating when connected to the network. AD account and password status are perfectly ok and verified, but when trying to authenticate with AD credentials and connected to the network, authentication fails. If the user simply disconnects the network connection, they are able to authenticate successfully. They are using a mobile account, and their password should be cached anyway, but something weird seems to be happening when the mac is contacting the domain controller. Any ideas? I was just wondering if you have come across this before. This is happening on a couple of computers running 10.5.8 and 10.6.2. Thanks for any suggestions!


]]> Comment on Add user to admin group with Applescript by Lance Eichel http://blog.macadmincorner.com/add-user-to-admin-group-with-applescript/comment-page-1/#comment-405 Lance Eichel Sun, 07 Mar 2010 08:49:50 +0000 http://blog.macadmincorner.com/?p=346#comment-405 This is a excellent way of seeing things, not that hard for you to learn. Thank you for finding time to share your your current thinking. This is a excellent way of seeing things, not that hard for you to learn. Thank you for finding time to share your your current thinking.


]]> Comment on Allow Non-Admin users to Manage Printers by David Stewart http://blog.macadmincorner.com/allow-non-admin-users-to-manage-printers/comment-page-1/#comment-404 David Stewart Thu, 25 Feb 2010 20:36:56 +0000 http://blog.macadmincorner.com/?p=266#comment-404 JD, what version of the OS did you apply this change to? 10.5.8 has the system.print.admin entry you refer to but 10.5.6 does not? JD, what version of the OS did you apply this change to? 10.5.8 has the system.print.admin entry you refer to but 10.5.6 does not?


]]> Comment on Leopard Active Directory Integration Headaches by Patrick http://blog.macadmincorner.com/leopard-ad-integration-headaches/comment-page-1/#comment-403 Patrick Thu, 25 Feb 2010 11:12:00 +0000 http://170.140.189.180/blog/?p=51#comment-403 @Jonathan - AD is where the user accounts are. @Jonathan – AD is where the user accounts are.


]]> Comment on Leopard Active Directory Integration Headaches by Jonathan Panza http://blog.macadmincorner.com/leopard-ad-integration-headaches/comment-page-1/#comment-402 Jonathan Panza Thu, 25 Feb 2010 03:22:16 +0000 http://170.140.189.180/blog/?p=51#comment-402 I work at Yale university in the IT Dept. We mostly don't even bother pushing the macs into AD. Any reason why you went this way......typically mac users march to their own drummer. I work at Yale university in the IT Dept. We mostly don’t even bother pushing the macs into AD. Any reason why you went this way……typically mac users march to their own drummer.


]]> Comment on Ten blogs every Mac admin should know about by connectionfailure http://blog.macadmincorner.com/ten-blogs-every-mac-admin-should-know-about/comment-page-1/#comment-401 connectionfailure Mon, 22 Feb 2010 01:11:27 +0000 http://blog.macadmincorner.com/ten-blogs-every-mac-admin-should-know-about/#comment-401 That's a great list. I hadn't heard of four of them, plus Jon's in the comment, so there's five new blogs to keep an eye on. Not so fond of eWeek and ComputerWorld as they dont have any hands-on soutions. Mostly just a PC-eyed view of the Mac world. Lots of posts about what OSX *can't* do for example. The other blogs have stuff about what it can do, or how to fix what's broke. That’s a great list. I hadn’t heard of four of them, plus Jon’s in the comment, so there’s five new blogs to keep an eye on.
Not so fond of eWeek and ComputerWorld as they dont have any hands-on soutions. Mostly just a PC-eyed view of the Mac world. Lots of posts about what OSX *can’t* do for example.
The other blogs have stuff about what it can do, or how to fix what’s broke.


]]> Comment on Migrate Local User to Domain Account by rmmiles http://blog.macadmincorner.com/migrate-local-user-to-domain-account/comment-page-1/#comment-398 rmmiles Sat, 13 Feb 2010 00:35:34 +0000 http://blog.macadmincorner.com/?p=352#comment-398 Very cool concept, just some thoughts from having run the script on a few system; you might want to add a failsafe on line 74, to confirm that the group getting deleted does not match the “admin” group name (or any other local group name), ie. if the local account’s short name is “admin”, thus causing the “admin” group to be deleted (which removes local admin access for all local and domain accounts). Also, once a local account is selected, shouldn’t the script wait to delete the local account until a domain user is entered (in case you want to close the script and not continue with the migration)? Thanks, Very cool concept, just some thoughts from having run the script on a few system; you might want to add a failsafe on line 74, to confirm that the group getting deleted does not match the “admin” group name (or any other local group name), ie. if the local account’s short name is “admin”, thus causing the “admin” group to be deleted (which removes local admin access for all local and domain accounts). Also, once a local account is selected, shouldn’t the script wait to delete the local account until a domain user is entered (in case you want to close the script and not continue with the migration)? Thanks,


]]> Comment on Migrate Local User to Domain Account by Guy http://blog.macadmincorner.com/migrate-local-user-to-domain-account/comment-page-1/#comment-386 Guy Wed, 10 Feb 2010 16:20:30 +0000 http://blog.macadmincorner.com/?p=352#comment-386 Will your script migrate user accounts from one domain to another? Just replaced an existing Exchange 2003 server with an Exchange 2010 solution, but the domain and DNS servers are different... This was the solution we found for migrating each account in Windows: http://my.galagzee.com/2007/08/05/transparent-windows-workstation-domain-migration/ It would be nice if Snow Leopard had an easy solution for this as well... Will your script migrate user accounts from one domain to another? Just replaced an existing Exchange 2003 server with an Exchange 2010 solution, but the domain and DNS servers are different…

This was the solution we found for migrating each account in Windows:

http://my.galagzee.com/2007/08/05/transparent-windows-workstation-domain-migration/

It would be nice if Snow Leopard had an easy solution for this as well…


]]> Comment on Ten blogs every Mac admin should know about by Jon Brown http://blog.macadmincorner.com/ten-blogs-every-mac-admin-should-know-about/comment-page-1/#comment-378 Jon Brown Wed, 27 Jan 2010 23:29:11 +0000 http://blog.macadmincorner.com/ten-blogs-every-mac-admin-should-know-about/#comment-378 I love your blog, and I reference it almost weekly. I am a new Mac Systems Admin and have found this blog and many of those on your site to offer a wealth of information. Thanks so much! I have also started a Mac Sys Admin blog over at http://www.jonsblog.org. I love your blog, and I reference it almost weekly. I am a new Mac Systems Admin and have found this blog and many of those on your site to offer a wealth of information. Thanks so much! I have also started a Mac Sys Admin blog over at http://www.jonsblog.org.


]]> Comment on Convert Local Account’s Home to AD account with Local Home by Patrick http://blog.macadmincorner.com/convert-local-accounts-home-to-ad-account-with-local-home/comment-page-1/#comment-377 Patrick Wed, 27 Jan 2010 17:58:51 +0000 http://170.140.189.180/blog/?p=39#comment-377 @William No, this script would have to be re-written for Leopard or SL. Use this one instead for Tiger/Leo/SL: http://blog.macadmincorner.com/migrate-local-user-to-domain-account/ @William

No, this script would have to be re-written for Leopard or SL. Use this one instead for Tiger/Leo/SL:
http://blog.macadmincorner.com/migrate-local-user-to-domain-account/


]]>