Windows AD account

Discussion in 'Mac OS X Server, Xserve, and Networking' started by cookiesnfooty, May 13, 2012.

  1. cookiesnfooty macrumors 6502

    cookiesnfooty

    Joined:
    Jul 1, 2009
    Location:
    Harrogate
    #1
    Hello,

    I have the macbook and Windows Server logging in and accessing all documents as you would expect. I do have one issue however, in the accounts screen it says that the account is an admin account but it doesn't have the same permission level as local admin account. I am unable to edit certain preferences and like logmein I am unable to close this down or edit the settings unless I login with the local admin account.

    Can anyone offer advice on where I have gone wrong?
     
  2. Mattie Num Nums macrumors 68030

    Mattie Num Nums

    Joined:
    Mar 5, 2009
    Location:
    USA
    #2
    Can you post a picture of your accounts pane so I can see what it says also can you do the following in terminal and post it.

    Code:
    su dscl . read /Users/username 
    Also, keep in mind when a user is a Network Admin, local admin rights disappear once you are off record unless you are in the correct group.
     
  3. cookiesnfooty thread starter macrumors 6502

    cookiesnfooty

    Joined:
    Jul 1, 2009
    Location:
    Harrogate
    #3
    Please see pictures attached.

    I have looked around the internet and have yet to find a solution.
     

    Attached Files:

  4. rwwest7 macrumors regular

    Joined:
    Sep 24, 2011
    #4
    Do you have two accounts with the same name?

    When you try to change a system setting, when it pops up for the password make sure you're using the shortname because it looks like the long names are identical so that might confuse it.

    That is likely the root of your problem. I have network accounts working fine as admins but they don't have sister local accounts to make things act weird.
     
  5. cookiesnfooty thread starter macrumors 6502

    cookiesnfooty

    Joined:
    Jul 1, 2009
    Location:
    Harrogate
    #5
    Hi,

    Thank you for your message, it does seem to work as an admin account but it doesn't seem to have the same level permissions as a local admin account.

    The Full name is the same however the network has AD at the end of the username to identify It as a network account.
     
  6. rwwest7 macrumors regular

    Joined:
    Sep 24, 2011
    #6
    Do you have a very specific example? Maybe the problem you are having is normal.

    You still should try another network admin account with a unique long name just to eliminate. Assuming is always bad troubleshooting.

    ----------

    Also make the account mobile and see if that makes a differences.
     
  7. cookiesnfooty thread starter macrumors 6502

    cookiesnfooty

    Joined:
    Jul 1, 2009
    Location:
    Harrogate
    #7
    I've tested a unique account. Basically a local admin account can access extra options such as settings for logmein and also they can uncheck and check boxes such as Allow to administer etc.
     
  8. Mattie Num Nums macrumors 68030

    Mattie Num Nums

    Joined:
    Mar 5, 2009
    Location:
    USA
    #8
    One thing I notice is that the account is not managed meaning its local only.

    Have you tried Mobile Accounts?
     
  9. cookiesnfooty thread starter macrumors 6502

    cookiesnfooty

    Joined:
    Jul 1, 2009
    Location:
    Harrogate
    #9
    I turned them to mobile accounts and it's still the same should network admin accounts have same power as local? Can you untick allow this user administrative controls?
     
  10. cookiesnfooty thread starter macrumors 6502

    cookiesnfooty

    Joined:
    Jul 1, 2009
    Location:
    Harrogate
    #10
    Does the staff account control local admin? If so is there away to add a windows AD to mac staff account group?
     

Share This Page