10.4: Binding to single-label Active Directory domains
Authored by: mbartosh on Mar 15, '06 05:11:57AM

First of all, just saying anything like this:

_
I don't know how much of the following is critical for the connection to AD, but I've worked so long and hard to get this working that I don't want to turn them off and on to try to break it. And given other posts about unpredictable behavior, turning them off and on may not even tell me which ones are necessary.
_

...correlation is not causality! This is basic scientific theory they teach in any science or social science course. You can't just say stuff like this without regression testing. And characterizing the AD Plug-in (which Apple has done a great job on) as unpredictable is spurious and just wrong.

'Single label' AD domains are the simplest to support. Whatever problem you're having, it's not related to that. Moreover:

-Mac OS X is entirely unable to use that as a DNS search domain, which does not conform to the DNS namespace. Nothing could use that as a DNS search domain.

-The LDAPv3 Plug-in has -nothing- to do with the AD Plug-in, and your direction there opens your machine to malicious compromise.

" [my domain controller].[my domain]. (note the last period, may be important)" -- You do not specify the domain controller. You specify the domain. The domain controller is then discovered via DNS service discovery.

-Leaving the OU field blank just puts it into the default cn=Computers.

Do -real troubleshooting- and regression. Learn about the DirectoryService debug mode. AD integration in general works great, and is far easier than you have characterized. If it took you as long as you say, you should have brought a consultant in; it'd have saved your company money.


__
Essential Mac OS X Server System Administration
O'Reilly

---
4am Media, Inc. Mac OS X Training and Consulting



10.4: Binding to single-label Active Directory domains
Authored by: Moshker on May 09, '06 04:03:28PM

This may be an old thread, but these "reverse FUD" head-in-sand type responses really aggravate me.

He says "Hey I am having problems" and you respond with "your statements are unscientific, Apple is good." Brilliant.

I and several other administrators at my organization are having intermittent and frustrating problems with AD integration as well.

"You can't just say stuff like this without regression testing." - ??? What universe are you from? Seriously. His opinion is as legitimate as your blanket statement that the directory plug-in is good. Your experience differs, and instead of proving your experience with some kind of scientific method, you state that he isn't being scientific without offering any kind of proof either. Spurious? Do a search for Troubleshooting Active Directory and OSX. The reasons for it not working may be varied, may even be MS for all I know, but to try to say it is easy to use and universally stable is just as dumb.

I'm not an expert on OSX, but I can follow instructions. This shouldn't be rocket science that requires a consultant. If it does then someone at Apple failed to do their job.


