Adding an iMac to a Corporate IT Windows Network.

Discussion in 'General Mac Discussion' started by atomiton, Nov 4, 2004.

  1. atomiton macrumors regular

    Joined:
    Sep 23, 2004
    #1
    We have recently purchased an iMac for the IT team and I am in charge of making it play with Active Directory....

    I have figured out how to access network resources (simple) but it is painfully slow to transfer files...

    5 hours left for a 700MB file.

    any suggestions?
     
  2. mklos macrumors 68000

    mklos

    Joined:
    Dec 4, 2002
    Location:
    My house!
    #2
    You can bind Mac OS X with Active Directory so that you can use your Windows username and password to log in with the iMac. When you do this it will map any drives that are in the login script for that particular user.

    It is very possible. I did it with the school I used to work in that was all PCs with 3 iBooks.

    On the iMac:

    1. Make sure you're logged in as administrator, or logged into an account with administrative rights to the iMac.

    2. Double click on your HD, then to Applications, then to Utilities, then to Directory Access (your HD/applications/utilities/directory access)

    3. Click the lock in the bottom left to unlock it. You'll need to enter the administrator username and password for the Mac. Since you're logged in as a user with administrative rights you can just use your username and password. If the lock is already unlocked then skip this step.

    4. Check the box next to Active Directory to enable Active Directory access.

    5. Click once on Active Directory and then click the Configure.... button.

    6. Put in the following entries:

    yourdomain.com for the Active Directory Forest.
    yourdomain.com for the Active Directory Domain.

    For example: terabyte.com for Active Directory Forest and terabyte.com for Active Directory Domain

    7. Under the Computer ID put in whatever you want to call the iMac. DO NOT PUT IN THE NAME OF YOUR ACTIVE DIRECTORY SERVER!!!! YOU WILL BE SCREWED IF YOU DO!!!!!

    8. Click the blue button with the arrow on it and it will show you more options. If you already see the options, skip this step.

    9. Under Prefer This Domain Server, put in the name of the server, followed by the domain.com. (ex. myserver.terabyte.com) This will make it look for only the Primary Domain Server when trying to Bind.

    10. Click the Bind button. It will ask you for a username and password. Put in the Username and Password for Active Directory. It should go all the way through and Bind. If it does, go to step 11. If it doesn't, Private Message me with any errors you got and I'll try to help you along.

    11. Click OK. It may ask you for the administrator password for the Mac again. Just put it in and click OK and it should take you back to the Directory Access Window.

    12. Click on the Authentication Tab and then click on the Search pull down menu and select Custom Path.

    13. Click on the Add button and a sheet should pop down with the new domain that you just joined. Select that and click Add. (ex. Active Directory/domain.com)

    14. Click on the Contacts Tab and then click on the Search Pull Down menu and select Custom Path.

    15. Click the Add button and then again, select the Domain you just added. (ex. Active Directory/domain.com)

    16. Click the Apply button and then click on the Directory Access Menu next to the Apple menu in the top left and Quit Directory Access.

    17. Logout

    18. If you have the login screen with the pictures you should see another user in there called Other... Select that and put your Windows login username and password and it should log right in and map all of the drives just as you've logged in with a Windows machine. That's it, you're done!
     
  3. varmit macrumors 68000

    varmit

    Joined:
    Aug 5, 2003
  4. atomiton thread starter macrumors regular

    Joined:
    Sep 23, 2004
    #4
    i tried it... it seemed to work... no error messages...

    Our Active Directory is set as gcl.net and our primary domain server is everest (so everest.gcl.net) I've set the forest to gcl.net

    excellent step-by-step btw. Did you take a technical writing course?

    I've tried it all, but when I try to log in as other and login to a standard windows account, it just shakes with the incorrect password message.

    You'll have to excuse me, i've not used macs in a corporate setting much at all.

    Hey, cool... i just figured out how to ctrl-arrow... using alt/option... cool, didn't know if that was possible...

    Anyway, back to the network. I'm going to try logging in as username@gcl.net instead of just username / password. That's the only thing that i can think that will work.

    Thanks for the help, btw. This is a beautiful machine, btw... turned a few heads in the IT dept... and they were sick of hearing me talk about apple anyhow. hehehehhe....
     
  5. atomiton thread starter macrumors regular

    Joined:
    Sep 23, 2004
    #5
    Nope, that didn't work either... but interestingly enough... when the "other" box comes up, i can type in the OS X Mac username/pw and it logs into the local account.
     
  6. atomiton thread starter macrumors regular

    Joined:
    Sep 23, 2004
    #6
    UPDATE: Apparently, the Mac User Name and the Windows Username can not be the same. It would appear to work now.

    I will resume testing on Monday.

    Thanks for the great help!
     
  7. mklos macrumors 68000

    mklos

    Joined:
    Dec 4, 2002
    Location:
    My house!
    #7
    I forgot to tell you that. If you have a local account called Administrator then you cannot log in as administrator on the network as the Mac cannot determine which is which. The same goes for other usernames. So if you have a local account on the Mac called joeuser and one called joeuser in Active Directory then it will default to the local account.

    Here is what I did for the Administrator problem. I created another local account on the Mac called Sys Admin with administrative privileges and deleted the one called Administrator. Then I could still log in as administrator locally on the mac using the username sys admin, and still login as administrator in Active Directory with the username administrator.

    Here are a couple of other little cool things you can do now that it works.

    You can make it so that everyone has the same specialized dock settings. So, for example if you only wanted Safari, Mail, IE, QuickTime, and Preview to show up when people login using the Mac you can do that.

    To make this work, do the following:

    1. Login locally as administrator, or whatever the local administrator user account is.

    2. Then make the dock settings the way you want it and then go to: HD/Users/username/Library/Preferences/com.apple.dock.plist. Select that by clicking ONCE on it and then go to the Edit Menu and Copy it.

    3. Then minimize that and go to: HD/System/Library/User Template/English.lproj. You should see the default home users account that's created when you create a new username. This is where it grabs the stuff when you make a new user. You'll notice that there are little no signs by all the folders. This is because you don't have permission to look at them, nor modify them. So we're gonna change that right now. Go to step 4 to continue.

    4. Control Click on the Library Folder and select "Get Info".

    5. Click on the Ownership and Permissions arrow.

    6. Click on the Details arrow.

    7. Click on the padlock and put in the local administrator password if it asks. If the padlock shows that it's unlocked then you now have permissions to change the permissions of the folder.

    8. Under the Owner category click on the pulldown menu and select your local username that you're logged in as. If it asks for a password put in the local administrator password and click ok.

    9. Then minimize that get info window into the dock.

    10. Go back into the dock and maximize the window we minimized before with the user template.

    11. Double click on Library and you should be able to open that folder. You will notice that the Library folder will still have a red negative sign next to it even though you went through and gave yourself permission to access that folder. Just double click on it and it should still open.

    12. You will now notice that all the folders inside the Library folder have red negative signs on them. Find the Preferences Folder and right click on that and go to "Get Info" and follow the same procedure we did before to give you access to that folder.

    13. Double Click on the Preferences folder and it should open. If not then control click and go to "Get Info" and under the Ownership & Permissions section make sure it says your local username under the Ownership section.

    14. Once the Preferences folder is opened control click on the white space in that window and Paste Item and the com.apple.dock.plist should paste into that window. Every user should now have the same dock settings.

    15. Choose the Back arrow and then control click on the Preferences folder and select "Get Info" and undo all of the changes you've made to the Ownership.

    OR

    16. Just close all of the windows out and then go to HD/Applications/Utilities/Disk Utility and then Repair Permissions and it should fix everything for you. This is an easy and quick way to undo all of the permission changing you did.

    17. Log out and log back in as a user that's never been on the Mac before and it should have the same dock settings as you put in.

    There are other things you can do like this also but I'll go into that later.
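
The name collision described in posts #6 and #7, as an added example that is not part of the original thread: it parses `dscl . -list /Users UniqueID` style output and reports which Active Directory logon names are shadowed by a local account that is searched first. The `local` node label, the constructed listing, the list of AD names and the case-insensitive comparison are assumptions made for the illustration.

```python
# Added example: models the lookup order from post #7 (a local account wins
# over an Active Directory account with the same short name).

def parse_dscl_users(listing):
    """Parse `dscl . -list /Users UniqueID` style output into {short_name: uid}."""
    users = {}
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        name, uid = parts
        try:
            users[name] = int(uid)
        except ValueError:
            continue  # second column was not a numeric UID
    return users

def resolve(short_name, search_path):
    """Return the first node in the ordered search path that knows the name."""
    wanted = short_name.lower()  # assumption: names are compared case-insensitively
    for node, names in search_path:
        if wanted in {n.lower() for n in names}:
            return node
    return None

def find_shadowed(local_users, directory_names):
    """Directory logon names that resolve to a local account instead."""
    local = {n.lower() for n in local_users}
    return sorted(n for n in directory_names if n.lower() in local)

# Constructed sample data: a local listing and a hypothetical export of AD names.
LOCAL_LISTING = """\
root           0
daemon         1
administrator  501
joeuser        502
"""
AD_NAMES = ["Administrator", "joeuser", "asmith"]

if __name__ == "__main__":
    local = parse_dscl_users(LOCAL_LISTING)
    # Order matters: the local node is consulted before the directory node.
    path = [("local", local.keys()), ("Active Directory/gcl.net", AD_NAMES)]
    for name in AD_NAMES:
        print(name, "->", resolve(name, path))
    print("shadowed by local accounts:", find_shadowed(local, AD_NAMES))
```

Any name it reports needs the treatment from post #7: rename or remove the local account so the directory account can be reached.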
     
  8. mklos macrumors 68000

    mklos

    Joined:
    Dec 4, 2002
    Location:
    My house!
    #8
    I did take one semester of Technical Writing in College as a requirement for my degree, but I never had to do things like that. I just love writing step by step things telling people how to do things on their Mac. If I can do things like that to help people using a Mac then people will feel better about choosing the Macintosh Platform over the Windows platform.
     
  9. atomiton thread starter macrumors regular

    Joined:
    Sep 23, 2004
    #9
    Well, I admit that I looked forward to coming to work more than usual today.

    I'm going to save this thread as a bookmark. Great Resource.

    And Sharepoint seems to work quite well on the Mac as well... so I'm happy about that.

    We'll soon be getting our Apple Remote Desktop to support our Mac team as well... and connect their localized OS X Server, and soon, their XServe RAID to the rest of the network.

    It's a pity they're on a different subnet at our other location, I can't connect to their iTunes music... as not many on this side have iTunes, or at least don't know how to enable sharing (and if they did, being on a Windows box means you fear the word "share" as a potential security risk)

    Unless there is some way to connect, as head office is on 172.16.70.x and they're on 172.16.10.x
     
  10. atomiton thread starter macrumors regular

    Joined:
    Sep 23, 2004
    #10
    LDAP Global Address Book

    There is one other question I have... and that has to do with pulling up the Global Address book.

    I had Mail working for the Mac, but it just doesn't leverage Exchange Mail Server very well. Nice interface, but still...

    I have got the Office 2004 w/ Entourage test trial while waiting for the PO to authorize to get the entire suite.

    So, I fired up Entourage and apart from a weird choice in LDAP servers (it worked using pinatubo, which it automatically found, but wouldn't accept the same as the exchange server "whistler") but that's okay, it's working... and it pulled up my Exchange Calendar and mail, after a few minutes of downloading the messages.

    However, I don't know how to access the Global Exchange Address Book. I know there are those who say just copy it to the local address book, but realistically, this isn't a good solution when you're looking at a company that's 500+ people.

    Group collaboration is also important as well, and the Office suite, especially 2003/2004(mac) seem to do it very well. Add to that the new look with the vertical panes, and it's a very good looking client.

    Anyway, does anyone know any recommendations when it comes to using Entourage with Exchange? Things like being able to see and access the Global Corporate Address Book are key.

    Thanks in Advance...
     
