Sponsors
Sponsor Products
Mac's and Active Directory issues: Are we the only ones?
posted by William Sandler  on May 9, 2018, 2:45 p.m. (12 days ago)
3 Responses     0 Plus One's     0 Comments  
We have to reboot macs sometimes in order for the "network accounts are unavailable" message to go away. Luckily our Macs all have SSDs so a reboot isn't the end of the world but it's still annoying.

William Sandler
All Things Media, LLC
william.sandler@allthingsmedia.com

On Wed, May 9, 2018 at 12:53 PM Daniel Cox <content@studiosysadmins.com> wrote:
I'm the Active Directory Admin at my company. We have a mixed environment of Mac's, Windows (Servers and workstations), and Linux (Servers) all on Active directory. I am trying to find out if our heartache with Mac's is typical in such a mixed environment or if it is unusual and I need to do some thing to make it more stable. The big issue that we see is that the Macs seem to stop talking to AD and require a reboot to get them going again and utilizing the central authentication. However in more problematic cases we have to unbind and re-bind the Macs to AD to get things working again. Now I have had Windows machines in the past go dumb and need to be re-added to AD so I know it is possible but with the Macs it seems like every week at least a couple need this to get working again. As far as we can tell there is no network issues that are dropping connections (at least not for long enough for a human or monitoring to notice). Are these kind of things typical in such an environment? Is there anything I can do to help keep everyone happily talking to one another and improve everyone's experience? Any help or insight you may be willing to share would be apprciated.
To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

Thread Tags:
  discuss-at-studiosysadmins 

Response from Ken Spickler @ May 10, 2018, 6:25 p.m.
Check the system clock and set it to sync with the AD server or another NTP source that AD syncs with.  If the clock drifts too much youll have that problem.



On May 10, 2018, at 8:52 AM, Brandon Lindauer <brandon@thelindauers.com> wrote:

For years Ive seen Macs come up with Network Accounts Unavailable on the login screen, and totally ignored it. Nine times outta ten I can still login and auth against AD. So I would say dont trust that little red dot. But Ive also seen Macs go stupid with their binding. It just happens randomly and occasionally they need to be rebound. Not too often, mind you, but enough that its  noticeable. Once you rebind everything is fine.I did some investigating once and found a correlation between many of these instances and the ADs process of resetting the machine password. Apparently there can be a communication issue in that process between the AD and Mac where the Mac never gets the updated pw, it expires. Mind you correlation does not equal causation, and thats as far as I ever got.
Make sure your DNS is good, use mobile accounts, and dont forget to offer your firstborn as a sacrifice to the Apple Gods! 

On May 9, 2018, at 11:43 AM, William Sandler <william.sandler@allthingsmedia.com> wrote:

We have to reboot macs sometimes in order for the "network accounts are unavailable" message to go away.  Luckily our Macs all have SSDs so a reboot isn't the end of the world but it's still annoying.   

William Sandler
All Things Media, LLC
william.sandler@allthingsmedia.com

On Wed, May 9, 2018 at 12:53 PM Daniel Cox <content@studiosysadmins.com> wrote:
I'm the Active Directory Admin at my company. We have a mixed environment of Mac's, Windows (Servers and workstations), and Linux (Servers) all on Active directory. I am trying to find out if our heartache with Mac's is typical in such a mixed environment or if it is unusual and I need to do some thing to make it more stable. The big issue that we see is that the Macs seem to stop talking to AD and require a reboot to get them going again and utilizing the central authentication. However in more problematic cases we have to unbind and re-bind the Macs to AD to get things working again. Now I have had Windows machines in the past go dumb and need to be re-added to AD so I know it is possible but with the Macs it seems like every week at least a couple need this to get working again. As far as we can tell there is no network issues that are dropping connections (at least not for long enough for a human or monitoring to notice). Are these kind of things typical in such an environment? Is there anything I can do to help keep everyone happily talking to one another and improve everyone's experience? Any help or insight you may be willing to share would be apprciated.
To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe
To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe
To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

0 Plus One's     0 Comments  
   

Response from Brandon Lindauer @ May 10, 2018, 11:55 a.m.
For years Ive seen Macs come up with Network Accounts Unavailable on the login screen, and totally ignored it. Nine times outta ten I can still login and auth against AD. So I would say dont trust that little red dot. But Ive also seen Macs go stupid with their binding. It just happens randomly and occasionally they need to be rebound. Not too often, mind you, but enough that its  noticeable. Once you rebind everything is fine.I did some investigating once and found a correlation between many of these instances and the ADs process of resetting the machine password. Apparently there can be a communication issue in that process between the AD and Mac where the Mac never gets the updated pw, it expires. Mind you correlation does not equal causation, and thats as far as I ever got.
Make sure your DNS is good, use mobile accounts, and dont forget to offer your firstborn as a sacrifice to the Apple Gods! 

On May 9, 2018, at 11:43 AM, William Sandler <william.sandler@allthingsmedia.com> wrote:

We have to reboot macs sometimes in order for the "network accounts are unavailable" message to go away.  Luckily our Macs all have SSDs so a reboot isn't the end of the world but it's still annoying.   

William Sandler
All Things Media, LLC
william.sandler@allthingsmedia.com

On Wed, May 9, 2018 at 12:53 PM Daniel Cox <content@studiosysadmins.com> wrote:
I'm the Active Directory Admin at my company. We have a mixed environment of Mac's, Windows (Servers and workstations), and Linux (Servers) all on Active directory. I am trying to find out if our heartache with Mac's is typical in such a mixed environment or if it is unusual and I need to do some thing to make it more stable. The big issue that we see is that the Macs seem to stop talking to AD and require a reboot to get them going again and utilizing the central authentication. However in more problematic cases we have to unbind and re-bind the Macs to AD to get things working again. Now I have had Windows machines in the past go dumb and need to be re-added to AD so I know it is possible but with the Macs it seems like every week at least a couple need this to get working again. As far as we can tell there is no network issues that are dropping connections (at least not for long enough for a human or monitoring to notice). Are these kind of things typical in such an environment? Is there anything I can do to help keep everyone happily talking to one another and improve everyone's experience? Any help or insight you may be willing to share would be apprciated.
To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe
To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

0 Plus One's     0 Comments  
   

Response from Greg Dickie @ May 9, 2018, 3 p.m.
ya, that's my experience as well. I've also seen issues with other types of clients so maybe it's our AD ;-)
On Wed, May 9, 2018 at 2:43 PM, William Sandler <william.sandler@allthingsmedia.com> wrote:
We have to reboot macs sometimes in order for the "network accounts are unavailable" message to go away. Luckily our Macs all have SSDs so a reboot isn't the end of the world but it's still annoying.

William Sandler
All Things Media, LLC
william.sandler@allthingsmedia.com

On Wed, May 9, 2018 at 12:53 PM Daniel Cox <content@studiosysadmins.com> wrote:
I'm the Active Directory Admin at my company. We have a mixed environment of Mac's, Windows (Servers and workstations), and Linux (Servers) all on Active directory. I am trying to find out if our heartache with Mac's is typical in such a mixed environment or if it is unusual and I need to do some thing to make it more stable. The big issue that we see is that the Macs seem to stop talking to AD and require a reboot to get them going again and utilizing the central authentication. However in more problematic cases we have to unbind and re-bind the Macs to AD to get things working again. Now I have had Windows machines in the past go dumb and need to be re-added to AD so I know it is possible but with the Macs it seems like every week at least a couple need this to get working again. As far as we can tell there is no network issues that are dropping connections (at least not for long enough for a human or monitoring to notice). Are these kind of things typical in such an environment? Is there anything I can do to help keep everyone happily talking to one another and improve everyone's experience? Any help or insight you may be willing to share would be apprciated.
To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe



--


Greg Dickie
just a guy514-983-5400

0 Plus One's     0 Comments