Check DNS Setting before Lion Server Open Directory Deployment

If, during your initial Lion Server setup, you configured Server Assistant so that it created an Open Directory master for you, it should have also set up DNS. If you didn’t do this configuration during initial setup or have a DNS server running on another server, you’ll need to ensure that DNS is configured to support Open Directory.

Properly configured DNS is critical to the configuration and normal operation of an Open Directory domain. All Open Directory servers need static IP addresses, a zone with the host domain name, and two types of records: an address (A) record for the fully qualified domain name and a pointer (PTR) record. Verify the server’s DNS records prior to promoting a Mac OS X Server to either master or replica status.

An A record, also called a machine record, resolves the system’s hostname to an IP address. That is, when another computer requests the IP address for a given domain name, the machine record supplies it. A pointer (PTR) record does the opposite and is used for the reverse lookup: a query about an IP address returns the hostname.

By default, the domain’s LDAP search policy and Kerberos realm are the same as the fully qualified hostname of the Open Directory master and are generated when a server’s role is changed to master. Without correct DNS records, promotion to an Open Directory master or replica will likely fail or create only a partially functional domain.

If you don’t mind typing a one-line command in the Terminal utility, you can easily verify that DNS forward and reverse lookup are configured correctly. Type this, exactly:

sudo changeip -checkhostname

If forward and reverse DNS are working correctly, you see this, but with your server information:

Primary address =
Current HostName =
DNS HostName =
The names match. There is nothing to change.
dirserv:success = "success"
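
The same forward-and-reverse condition can be cross-checked against the DNS server directly. The script below is an added example, not part of the original article or of Apple's tooling; it assumes `dig` is installed, and the function names (`resolve_a`, `resolve_ptr`, `normalize`, `check_fcrdns`) are hypothetical helpers chosen for this illustration.

```shell
#!/bin/sh
# Added example: confirm that a server's A record and PTR record agree
# before promoting it to Open Directory master or replica.

# Forward lookup: print the IPv4 address(es) from the A record(s) of a name.
resolve_a() {
    dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$' || true
}

# Reverse lookup: print the PTR target(s) for an IPv4 address.
resolve_ptr() {
    dig +short -x "$1"
}

# Lower-case a name and drop the trailing root dot so names compare equal.
normalize() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Return 0 only if the name has an A record and the PTR record of every
# returned address points back at the same fully qualified name.
check_fcrdns() {
    fqdn=$(normalize "$1")
    case "$fqdn" in
        *.*) ;;
        *) echo "FAIL: '$1' is not a fully qualified name"; return 2 ;;
    esac
    addrs=$(resolve_a "$fqdn") || true
    if [ -z "$addrs" ]; then
        echo "FAIL: no A record for $fqdn"; return 3
    fi
    rc=0
    for ip in $addrs; do
        match=no
        for ptr in $(resolve_ptr "$ip"); do
            if [ "$(normalize "$ptr")" = "$fqdn" ]; then match=yes; fi
        done
        if [ "$match" = yes ]; then
            echo "OK: $fqdn -> $ip -> $fqdn"
        else
            echo "FAIL: PTR for $ip does not return $fqdn"; rc=4
        fi
    done
    return $rc
}

# Run only when a hostname is given on the command line.
if [ $# -gt 0 ]; then check_fcrdns "$1"; fi
```

Save it under any name and pass the server's fully qualified hostname as the only argument; a non-zero exit status means the A or PTR record needs fixing before promotion.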