Server App versus Workgroup Manager to Manage Accounts in Lion Server
Lion Server has two functions to manage: services and accounts. The Server app tool can handle both. You can use the Server app to manage user services such as file sharing, web services, and e-mail, as well as for managing accounts. It provides a simple, well-designed interface that hides details that you may not need to bother with, but also has some hidden management features that you may need.
For more advanced management of the same database of accounts, you can use Workgroup Manager. Apple hasn’t upgraded Workgroup Manager for several releases of Mac OS X Server, and the user interface reflects this. It doesn’t use standard Apple interface elements such as the gear-icon pop-up menus, making it difficult to browse around and figure things out.
For managing accounts, use the Server app when possible, as it requires fewer actions to accomplish some of the same tasks.
Still, Workgroup Manager provides access to settings that aren’t available in the Server app. It allows for editing the raw data in the Lightweight Directory Access Protocol (LDAP) database. In addition to managing user and group accounts, Workgroup Manager manages computer accounts and computer lists.
While both utilities also let you configure clients from the server, they use two completely different methods. You can use both methods to manage your clients.
The Server app uses the Profile Manager to push settings to Mac, iPhone, and iPad clients. Workgroup Manager can set preferences settings for Mac clients in the shared directory domain and lets you define which applications users are permitted to launch. Workgroup Manager’s managed preferences work with any Mac clients. Profile Manager works only on Macs running Lion, though it also supports the iPad, iPhone, and iPod touch.
After your Open Directory domain grows to a master server and one or more replica servers, connect the Server app or Workgroup Manager to the master server only. Replicas and bound servers contain read-only user databases that can’t be modified by the server tools.