This article has been archived and is no longer updated by Apple.

Lion Server: Workgroup Manager may be unable to create a computer list in Active Directory

An Active Directory server with an extended schema to support managed clients settings on OS X clients may encounter an issue when attempting to create computer lists in Workgroup Manager.

You can use one of these workarounds. You will need to first make changes to the search policy on the Lion system that will be used to modify the computer list, as described in each workaround.

Workaround: Use ADSI Edit to create the computer list

  1. Run the following Terminal command to modify the Active Directory plugin--to disable authentication from all domains in the forest:

    • dsconfigad-alldomains disable

  2. Open Directory Utility.

  3. Click the Search Policy tab.

  4. Remove the Active Directory entry for "All Domains" (for example, /Active Directory/EXAMPLE/All Domains).

  5. Click the "+" icon and add the Active Directory entry that ends with your domain name (for example, /Active Directory/EXAMPLE/example.com).

  6. Apply the changes.

  7. Use ADSI Edit on the Windows Server to create the computer list.

  8. Use Workgroup Manager on a Lion system to edit the computer list when you need to add computers to the list or manage MCX settings.

Workaround: Use Directory Utility in Lion to create the computer list

  1. Run the following Terminal command to modify the Active Directory plugin--to disable authentication from all domains in the forest:

    • dsconfigad -alldomains disable

  2. Open Directory Utility.

  3. Click the Search Policy tab.

  4. Remove the Active Directory entry for "All Domains" (for example, /Active Directory/EXAMPLE/All Domains).

  5. Click the plus icon and add the Active Directory entry that ends with your domain name (for example, /Active Directory/EXAMPLE/example.com).

  6. Apply the changes.

  7. Open Directory Utility.

  8. Click the Directory Editor tab.

  9. Select "Computer List" next to "viewing", and the appropriate Active Directory Node next to "in node".

  10. Click the lock and authenticate as a domain administrator or as an account that has delegate permission to create a computer list.

  11. Click the "+"icon to create a new computer list and give it a name.

  12. Save the changes.

  13. Use Workgroup Manager on a Lion system to edit the computer list when you need to add computers to the list or manage MCX settings.

Learn more

In order for Lion clients to receive MCX settings from these computer lists, the Search Policy on the clients must be changed as described above.

Published Date: