Archive for the ‘Open Directory’ Category

Apple discontinues macOS Server

April 21, 2022 Leave a comment

After a long run, first beginning with Mac OS X Server 1.0 in 1999, Apple has announced the end of macOS Server as of April 21, 2022. The final version is macOS Server 5.12.2, which runs on macOS Monterey.

Screen Shot 2022 04 21 at 1 46 23 PM

macOS Server 5.12.2 has shed many of the features once supported by macOS Server. As of 5.12.2, the following two services are supported:

Both services are not currently available outside of macOS Server, so Apple discontinuing macOS Server also means the end of the line for Apple’s Open Directory directory service and Apple’s Profile Manager MDM service.

For current customers who have purchased macOS Server, macOS Server 5.12.2 remains available in the App Store.

Screen Shot 2022 04 21 at 1 42 03 PM

Open Directory in Mavericks no longer requires multiple processors

November 22, 2013 Leave a comment

In Mac OS X Server 10.7.x and 10.8.x, there’s been an issue that Mac admins have run into more than once:

“I’m trying to set up Open Directory in this VM, but the service won’t enable.”

Profile Manager in 10.7.x and 10.8.x also has an known issue where it crashes when set up in a VM. The root cause is the same: Profile Manager needs to have Open Directory running and Open Directory won’t turn on.

The fix for this issue in 10.7.x Server and 10.8.x Server is simple – give your VM more than one processor. Once you give the VM multiple processors (two is fine), Open Directory should begin working. This will also fix the Profile Manager crashing issue, as Open Directory should now enable properly.

In Mavericks, it appears Apple has addressed this issue. In my testing, Open Directory no longer requires multiple processors.

Screen Shot 2013-11-22 at 8.03.07 AM

Now that Open Directory can run with one processor, Profile Manager also now runs properly on a one-processor VM.

Screen Shot 2013-11-22 at 8.08.46 AM

Adding groups from your directory service to your Mac’s admin group

February 17, 2011 2 comments

If your Mac environment is using a directory service for authentication (like Apple’s Open Directory or Microsoft’s Active Directory), you can add a group from your directory service to be a member of your Mac’s local admin group (members of which have administrative rights on your Macs.) This helps simplify granting administrative rights on your Macs, as you can add and remove accounts to your server-end group to grant and remove administrative rights for those accounts on your Macs.

To add a group from your directory service to your Mac, you can use the following command:

sudo dseditgroup -o edit -a “group name” -t group admin

If you’re adding an AD group, you may need to add the AD domain’s name:

sudo dseditgroup -o edit -a “DOMAIN\group name” -t group admin

For Active Directory, you can also use the dsconfigad tool to enable or disable administrative rights for a particular AD group:

sudo dsconfigad -groups “group name”

Groups can be specified by domain to ensure security is not compromised, e.g., “domain”

One thing to watch for with adding AD groups is that the group whose members you want to give administrator rights to needs to be listed as the Primary Group in AD for those accounts. Otherwise, they may not be given administrative rights on the Macs despite the AD group being added to the local admin group.

%d bloggers like this: