In Harald Monihart’s and my (german) O’Reilly book “Professionelles Mac-Client-Management in Windowsumgebungen” we describe how to use computer lists in Active Directory to manage your Mac clients.

To make this work, you need to extend your AD schema. We describe this process in our book, but you can also read it in our free sample chapter on the O’Reilly site.

Unluckily, OS X Lion and Mountain Lion clients do not support these computer lists by default.

Apple has just released an article on their knowledge base site in which they describe how to make 10.7 and 10.8 clients support AD computer lists.
The article can be found here.

The overall process is simple:

  1. Bind your 10.7 or 10.8 client to the AD (nothing special here).
  2. Type “dsconfigad -alldomains disable” in Terminal.
  3. In Directory Utility’s Search Policy tab replace e.g. “/Active Directory/WORKSHOP/All Domains” with e.g. “/Active Directory/WORKSHOP/workshop.intern”. Save your settings.
  4. Open Directory Utility -> Directory Editor and create a new computer list:
  5. Open Workgroup Manager, connect to AD hitting command-D, add your Lion machines to the freshly created computer list and add some settings to this list:
  6. Reboot the client (or simply log out and back in again) to see if your new settings get applied.

That’s it!
So finally an easy way to manage 10.7 and 10.8 clients using AD computer lists.

If you need help doing this in larger deployments, please get in touch with me.

Posted on May 2, 2012 by André Aulich. This entry was posted in Mac Client Management, Mac OS X, Windows Server.

One Response to How to make Lion and Mountain Lion clients work with Active Directory computer lists