Yosemite + Server 4.1 + Active Directory (2008R2)

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Kr15, Jun 3, 2015.

  1. Kr15 macrumors newbie


    Feb 13, 2014
    Ladies and gents,

    I would appreciate some input or thoughts on this topic.

    So... Quick brief.
    We had an Open Directory running on 10.6 Servers which was (still is) utterly rubbish.
    Also, because it's impossible to upgrade 10.6 OD to something more reliable and up to date, we have made a decision to rethink the whole process.

    The decision was made to go with Active Directory instead (also because we are moving to Office 365 at some point).

    So now I'm preparing a new environment but have some tricky oddities.

    I've installed a 2008R2 Windows server (I know it's quite old, but we had a licence for 2008R2 + I'm not keen on seeing 2012 MS Server (aka Windows 8 Server) as our main AD server, it's not stable enough yet)

    Latest Xserve running Yosemite + Server app 4.1 (I know, it's old... But this is the last machine made by Apple which I'm ready to call a Server + I need FC HBA to get our storage attached)

    And Xserve is bound to AD.

    Groups. When a group is used in file sharing - all fine, AD group members are able to connect to the shares etc. But for example I've set up a protected website to be accessed by a particular group and guess what - it doesn't work. Tried different sites, no success. Tried reinstalling OS X Server - same. Tried a spare Mini Server - nope.
    Also, sometimes when I open a group the members section is empty, but users can still connect to the shares from within the group.

    Is it an AD issue? A Yosemite bug? Or should I do the good old "golden triangle" setup (I would prefer not to, I'm just not looking forward to managing 2x directory services...)?


  2. satcomer, Jun 3, 2015
    Last edited: Jun 4, 2015

    satcomer macrumors 603


    Feb 19, 2008
    The Finger Lakes Region
    I gave up relying on directories when sharing files! In work we went to a NAS system setup with VLAN users folders on the NAS instead. For home use I suggest getting a smart NAS like a Synology NAS.
  3. sonamo, Jun 3, 2015
    Last edited: Jun 3, 2015

    sonamo macrumors member

    Jan 23, 2014
    Not sure, but you would probably benefit from doing a clean install of both Windows Server 2008 R2 and OS X 10.10 on independent machines that aren't in production. That will give you the definite answer to your question.

    I agree with the previous post. We switched to a Synology for about 50 users last year and haven't had any problems with it. I had one at home before we got one here and that one works great too. I am Apple Certified for OS X Server 10.8 to 10.10 and think it makes a pretty lousy file server.
  4. iansilv macrumors 65816

    Jun 2, 2007
  5. Cybaru macrumors newbie


    Aug 12, 2015
    You will need to use the Golden Triangle, but it won't be as terrible as you fear...

    All of the authentication for OS X Server services (such as the Websites service, Profile Manager (aka, another website), file sharing, mail, etc.) is processed by Open Directory or the local user directory. But you need to use Open Directory in order to relay requests to/authenticate against AD.

    You should not need to replicate your Active Directory users and groups inside Open Directory. Simply set up your Xserve as an OD master, and then bind the Xserve to your AD domain. Your Xserve should then be able to process login requests for AD users, even if the AD user object does not exist inside OD.

    When configuring permissions to OS X Server services, you should be able to see AD users and groups in the permissions sheets in the GUI.
  6. satcomer macrumors 603


    Feb 19, 2008
    The Finger Lakes Region
    Go to NAS Selector and figure out what you could afford.

    I personally like the Ds414Play especially if you plan to host videos on screens at work.
  7. hobowankenobi macrumors 6502a

    Aug 27, 2015
    on the land line mr. smith.
    Been doing this with 10.9, and 10.10, with no issues.
