How to Manage User Groups with Lion Server Workgroup Manager
If you are managing users in an Active Directory environment, you need to add the users from Active Directory to your Lion Server Open Directory domain.
Doing so is necessary because Active Directory manages the permissions and policies of the users in an Active Directory environment. Active Directory user information isn’t directly translatable to a Mac client. Open Directory serves as the mechanism to implement client management policies similar to the policies that Windows clients enjoy from Active Directory.
Adding users from Active Directory is as simple as dragging and dropping users into Open Directory, which you can do with Workgroup Manager, found in /Applications/Server. Follow these steps:
1. Open Workgroup Manager.
   Workgroup Manager asks you to authenticate with your local server manager username and password to connect to the local server.
2. Enter your local admin username and password and then click OK.
   Workgroup Manager opens.
3. Click the lock icon to bring up an authentication dialog to allow changes to Open Directory.
   An authentication dialog opens.
4. Enter the username and password and then click OK.
   This time you enter the credentials for the Open Directory administrator, which may be different from the local admin credentials in step 2.
5. Click the Accounts icon in the toolbar (the default) and then click the Groups icon.
   You'll find the Groups icon directly below the Accounts icon.
6. Click the New Group icon in the toolbar.
   Workgroup Manager creates a new group with a group ID (GID).
7. Type a name for the group in the Name text box.
   The name can include characters, numbers, and spaces. The short name is automatically created and will abide by Unix naming conventions, so you're free to name the group any way you like. You can also enter a comment and supply a path to an icon in the Picture Path text box, but neither is necessary.
8. Click the Members tab.
   A blank members table opens.
9. Click the Add (+) button near the upper right to display the Open Directory users list.
   A drawer slides open on the right or left, listing the names of Open Directory users.
10. Click the directory menu to access the Active Directory domain.
    A list of Active Directory users for your domain is returned. Not all records may appear in the list, but you can gain access to any user record in the domain via the search field.
11. Copy the records you want to manage from the drawer list to the user list in the main window.
    Just drag and drop.
12. After you identify all records that you want to manage, click the Save button.
At this point, Active Directory is managing authentication for the users in the groups. You can further specify user preferences under the Preferences pane.