Thanks to Tedd Kidd for the following article, on automatically managing administrative privileges based on Active Directory groups! This is a quick and easy way to assign any user to the local admin group in OS X based on their group membership in your Active Directory. This should also work with Open Directory or eDirectory groups if your workstations are bound to those directory services. You’ll need to include this code in the workstation login script so that it runs as root but uses the $@ variable to determine the user that is logging in.
#!/bin/bash
# Set group name to check against
groupname="domain admins"
if [ "`/usr/bin/dsmemberutil checkmembership -U…
-
Setting Up Time Machine Server in Lion Server
-
Video On Setting Up Software Update Services In Lion Server
-
Video on Setting Up Profile Manager in Lion Server
-
Video on Setting Up File Sharing Services In Lion Server
-
Automating Profile Manager Enrollment Through DeployStudio
When planning to migrate from managed preferences to profiles, one of the important aspects to consider is automated enrollment. One of the more important aspects of automating a traditional managed preferences environment is to automate the binding to directory services. You do not bind to Profile Manager; however, you do enroll devices. Much like binding computers to Lion Server’s Open Directory (by default), certificates and host names are important aspects of the enrollment process. Much as with local managed preferences, management via profiles can be done through the command line and without any involvement from a centralized source. I had written an article a while back on using profiles from the…
-
Integrating Mac OS X Lion Server's Profile Manager With Active Directory
Over the years, the terms Magic, Golden, Triangle, Augments, Directory, Domains and Active have given the administrators of Mac OS X environments fits. So when you think about using Active Directory to manage iOS devices through the Profile Manager service, built into Lion Server, you may think that it’s a complicated thing to piece together. You may remember those days when you had to manually craft service principals because xgrid wouldn’t play nice with Active Directory, or you might think of twisting augmented records to support CalDAV. But you’re gonna’ have to forget all that, ’cause getting Profile Manager to talk to Active Directory is one of the easiest things…
-
Address Book Server "Groups"
I use the term “groups” loosely here. On my list of features that are needed in Lion Server (a much smaller list since the advent of 10.7.3, btw) is the fact that Address Book Server doesn’t have groups, resources or whatever you want to call a logical structure that is a place for groups of users to keep contacts whose access can be limited to only certain users. The Address Book client fully understands such constructs, given that it separates the GAL from a user’s contacts and that users can themselves have groups of contacts. This area is a huge miss. The reason this annoys me is that you have the…
-
Podcasting in Lion Server
There have been a number of articles on using the Podcast Producer service in Snow Leopard and previous operating systems. The Podcast Producer service itself in Lion remains unchanged. It still needs shared storage (e.g. NFS, Xsan, etc), Xgrid, Kerberos (for Xgrid) and while seeming to sit atop a house of cards, is one of the coolest and most complex services in Mac OS X Server. But there have been a lot of environments where Podcast Producer seemed out of reach where it shouldn’t have. If you have a single server, why do you need shared storage, a truly scalable grid computing cluster and all that complex workflow goodness at…