Sponsors
Sponsor Products
Mac's and Active Directory issues: Are we the only ones?
posted by Zorion Terrell  on May 9, 2018, 5:10 p.m. (12 days ago)
3 Responses     0 Plus One's     0 Comments  

What version of OSX? What Version of AD?

 

I used to have issues with Macs back in the day but for the past couple years things have been stable for the ones we have (10ish).

 

We have multiple AD sites Globally under a single domain and the Macs dont seem to have issues there either. Do you have all your subnets defined in AD Sites and Services? Ive seen that not be configured which clients need in order to ensure they connect to the servers in the correct site.

 

 

Zorion Terrell

IT Manager | DHX Studios

e: zorion.terrell@dhxmedia.com

t: 604-684-2363 | m: 604-562-5148

380 West 5th Ave

Vancouver, BC Canada V5Y 1J5

 

Email Signature_DHX_Media

 

From: studiosysadmins-discuss-bounces@studiosysadmins.com <studiosysadmins-discuss-bounces@studiosysadmins.com> On Behalf Of Adam Barnett
Sent: Wednesday, May 9, 2018 12:27 PM
To: studiosysadmins-discuss@studiosysadmins.com
Subject: Re: [SSA-Discuss] Mac's and Active Directory issues: Are we the only ones?

 

We have had the same things. 

 

Things I have noticed in the past is that the time on the Mac drifts even when we set it to use our ntp severs. 

 

I am not sure how your dcs are setup but we have ours in round robin and for what ever reason a Mac will try and contact one in another site instead of the local one. ( I had to watch the traffic coming out of a Mac one day to find out ) 

 

In the end I just wrote a script that will check thing AD binding and will just rebound when needed 

 

The other option you could do is to restart launchd opendirectoryd which also fixes things.

 

I never did get to the bottom of it and just came to the conclusion that OS X sucks with AD 


On 9 May 2018, at 19:59, Greg Dickie <greg@justaguy.ca> wrote:

ya, that's my experience as well. I've also seen issues with other types of clients so maybe it's our AD ;-)

 

On Wed, May 9, 2018 at 2:43 PM, William Sandler <william.sandler@allthingsmedia.com> wrote:

We have to reboot macs sometimes in order for the "network accounts are unavailable" message to go away.  Luckily our Macs all have SSDs so a reboot isn't the end of the world but it's still annoying.   


William Sandler
All Things Media, LLC
william.sandler@allthingsmedia.com

 

 

On Wed, May 9, 2018 at 12:53 PM Daniel Cox <content@studiosysadmins.com> wrote:

I'm the Active Directory Admin at my company. We have a mixed environment of Mac's, Windows (Servers and workstations), and Linux (Servers) all on Active directory. I am trying to find out if our heartache with Mac's is typical in such a mixed environment or if it is unusual and I need to do some thing to make it more stable. The big issue that we see is that the Macs seem to stop talking to AD and require a reboot to get them going again and utilizing the central authentication. However in more problematic cases we have to unbind and re-bind the Macs to AD to get things working again. Now I have had Windows machines in the past go dumb and need to be re-added to AD so I know it is possible but with the Macs it seems like every week at least a couple need this to get working again. As far as we can tell there is no network issues that are dropping connections (at least not for long enough for a human or monitoring to notice). Are these kind of things typical in such an environment? Is there anything I can do to help keep everyone happily talking to one another and improve everyone's experience? Any help or insight you may be willing to share would be apprciated.

To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe



 

--



Greg Dickie
just a guy

514-983-5400

To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


Thread Tags:
  discuss-at-studiosysadmins 

Response from Daniel Cox @ May 14, 2018, 4:47 p.m.
Hi Zorion Our environment has systems from El Capitan to High Sierra and our DC's and AD is all 2012. We also only have a single doman, subnet, and only to DC's so systems trying to connect to the wrong one is unlikely. Hi Adam I have always been surprised by how much drift I see in the Mac Clocks but typically we check that they are within 5 minutes of AD before we assume it is a time issue. I'll check if the restart launchd opendirectoryd works for us or not. I am glad I'm not the only one with issues with Macs.

0 Plus One's     0 Comments  
   

Response from Daniel Cox @ May 14, 2018, 4:47 p.m.

Hi Zorion

Our environment has systems from El Capitan to High Sierra and our DC's and AD is all 2012.  We also only have a single doman, subnet, and only to DC's so systems trying to connect to the wrong one is unlikely.


Hi Adam

I have always been surprised by how much drift I see in the Mac Clocks but typically we check that they are within 5 minutes of AD before we assume it is a time issue.   I'll check if the restart launchd opendirectoryd works for us or not.  I am glad I'm not the only one with issues with Macs.


0 Plus One's     0 Comments  
   

Response from Daniel Cox @ May 14, 2018, 4:46 p.m.

Hi Zorion

Our environment has systems from El Capitan to High Sierra and our DC's and AD is all 2012.  We also only have a single doman, subnet, and only to DC's so systems trying to connect to the wrong one is unlikely.

 

Hi Adam

I have always been surprised by how much drift I see in the Mac Clocks but typically we check that they are within 5 minutes of AD before we assume it is a time issue.   I'll check if the restart launchd opendirectoryd works for us or not.  I am glad I'm not the only one with issues with Macs.


0 Plus One's     0 Comments