Ds Error Code 14009
Re:
Dscl Create Invalid Path
the above article. However, the secondary AD server has two A records. I didn't set it up, so I'm not sure immediately what the reasoning for that is. But the 10.10.13.252 address does not respond to pinging from anywhere as far as I can tell, which I would guess is the cause of these errors.

As far as I can tell, the 10.10.13.252 record is not needed, and I wouldn't be surprised if it is causing more than one problem. My best guess is that the 10.10.13.252 record was added manually to the AD DNS in error, and can safely be removed by hand from the DNS. If you have a hint on something else in AD that might have propagated the record, I'm happy to hear it. But this system has been worked on by half a dozen people who are no longer available for comment, and my guess is it's simply cruft.

Thanks!

Below is sample output from dig:

    $ dig -t SRV _ldap._tcp.thecjm.lan

    ; <<>> DiG 9.4.3-P3 <<>> -t SRV _ldap._tcp.thecjm.lan
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53955
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3

    ;; QUESTION SECTION:
    ;_ldap._tcp.thecjm.lan. IN SRV

    ;; ANSWER SECTION:
    _ldap._tcp.thecjm.lan. 600 IN SRV 0 100 389 cjm-dc2.thecjm.lan.
    _ldap._tcp.thecjm.lan. 600 IN SRV 0 100 389 cjm-dc1.thecjm.lan.

    ;; ADDITIONAL SECTION:
    cjm-dc2.thecjm.lan. 3600 IN A 10.10.11.2
    cjm-dc2.thecjm.lan. 3600 IN A 10.10.13.252
    cjm-dc1.thecjm.lan. 3600 IN A 10.10.11.1

    ;; Query time: 9 msec
    ;; SERVER: 10.10.11.1#53(10.10.11.1)
    ;; WHEN: Wed Jan 19 11:10:13 2011
    ;; MSG SIZE rcvd: 163

On Jan 18, 2011, at 7:48 PM, Mike Reed wrote:

> Offhand, it sounds like you're getting a list of DC's from DNS that's not correct - i.e. there's a DC still listed in DNS that doesn't actually exist in your environment or you can't query.
>
> More than likely, that DC is a GC, too, so you're catching DS as it's reconstructing the AD GC node.
>
> So, I'd check DNS - every server, but starting with t
https://lists.apple.com/archives/macos-x-server/2011/Jan/msg00266.html

Slacks, Mac JamesIsIn

There is this thing that happens from time to time where a Mac on our network will get confused about the local administrator account. For whatever reason it thinks it's a domain administrator account. If you were to run id as that user you would see a bunch of domain related information which should not be there. Perhaps the reason for this relates to the fact that we use a name for the local administrator account which is the same as a name we use for a domain-level account. I didn't set it up this way, and I'm advocating for a change. We shall see.

Regardless, usually when this happens (and it's pretty easy to notice since the dock is reverted to default and the user doesn't have write permissions to even their desktop) I can get the correct administrative account back by a restart. Today for one machine this was not working. Also, while it is in this state the administrator account can't open the System Preferences. The only other administrative account was a domain user (mobile account). Unfortunately I was not able to log into that account at all as log in would hang at each attempt.

Tough situation: can't log in as a real local administrator so I can't fix any of this mess. I found this article which offered a solution for creating and elevating an account from the command line. This article uses a slash as the location identifier (/), but that was not working for me. Others said localhost would work, but I couldn't get that to work either. In the end I used the dot (.) and that allowed these commands to do their jobs.

Also, the article neglects to mention that you must use sudo to run these commands successfully. Without using sudo you will likely get this error:

http://jamesisin.com/a_high-tech_blech/index.php/2012/05/the-mac-that-broke-the-administrator-account-and-how-i-fixed-it/
Destroy managed mobile user accounts
Posted: 2/22/13 at 4:15 PM by Sean_M_Harper

Currently I run the following script to destroy the managed mobile user accounts left behind on machines (such as in my LMC computer labs). It appears to work, but the script (when run via Remote) claims to fail. I have listed the log below the actual script. Is there something I am missing, or perhaps a better way to write this script? Any help would be great!

Script:

    #!/bin/bash
    # Every entry under /Users except the Shared folder is treated as an account name.
    UserList=`/bin/ls /Users | /usr/bin/grep -v "Shared"`
    for u in $UserList ; do
        # Skip any account whose name appears in the local admin group's membership.
        if [[ `/usr/bin/dscl . read /Groups/admin GroupMembership | /usr/bin/grep "$u" -c` == 1 ]]
        then
            /bin/echo "Admin account detected skipping..."
        else
            # Delete the directory record first, then the home folder.
            /usr/bin/dscl . delete "/Users/$u" && /bin/rm -rf "/Users/$u"
        fi
    done

Log (example):

    /usr/sbin/jamf is version 8.61
    Executing Policy 2013-02-22 at 4:06 PM | amccutchan | 1 Computer...
    Mounting afp://10.5.10.33/CasperShare to /Volumes/CasperShare...
    Running script mobile_users_destroy.sh...
    Script exit code: 185
    Script result:

https://jamfnation.jamfsoftware.com/discussion.html?id=6664