Edit directory from macOS Server

    Question

  • My network is mostly Macs, so I also run macOS Server so I can manage my Macs. My Mac Server binds fine to AD and can even extend permissions to AD users; however, I'm trying to modify groups so I can assign new stuff but it won't let me. Simply opening the properties window of a group and clicking OK without making any changes prompts me for authentication.

    I tried inputting the admin accounts but none of them will work; it tells me that the user "is not an administrator on that node". I tried inputting the Open Directory admin account and it won't work either; it just shakes the window wrong. Also, inputting fake accounts will shake the window wrong but typing in the admin credentials doesn't, though it won't let me do a thing.

    I added the computer (macOS Server) on AD DS Users & Computers to the Administrators group and delegated permissions to it in its property window over at AD but it still won't let me edit stuff.

    Screenshots here: https:// 1drv.ms/f/s!Aln_B1W1PHb4yCV1oL9Ew_eKyjnO
    Sorry, Microsoft doesn't let me post until I verify but I get no email.

    • Moved by nzpcmad1 Sunday, December 11, 2016 5:54 PM From ADFS
    Saturday, December 10, 2016 2:22 PM

All replies

  • Have a look at this. You can manage AD (including groups) from Macs by using a web UI that adds OS degeneracy to management: http://www.adaxes.com/blog/how-to-manage-active-directory-from-linux-or-macos.html
    Monday, December 12, 2016 6:32 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang


    Monday, December 26, 2016 3:10 AM
    Moderator
  • I'm sorry for the immense delay. I thought I was going to be notified in case of an answer but I wasn't.

    I had already seen that but it's too expensive and it's not native to OS X/macOS; I can just as well use RDP to do edits directly in a domain controller or better yet use RemoteApps to launch the directory managing tools right in macOS, alas, though closer to a native solution it still isn't modifying AD directly from Server.app.

    Since I posted the question I've learned quite a few things and now I'm considering FreeIPA and instead do edits there and have that server sync stuff back to AD. :)

    Thanks anyway!

    Wednesday, November 15, 2017 12:46 PM