Server Admin 10.4 Help

Setting Up a Server as a Primary Domain Controller

Using Server Admin, you can set up Mac OS X Server as a Windows primary domain controller (PDC). The PDC hosts a Windows domain and provides authentication services to other domain members, including authentication for domain login on Windows workstations. If no domain member server is available, the PDC server can provide Windows file and print services, and it can host user profiles and home directories for users who have user accounts on the PDC.

IMPORTANT:   When setting up Mac OS X Server as a PDC, make sure your network doesn't have another PDC with the same domain name. If you want to set up additional domain controllers, make them BDCs.

1. Make sure the server is an Open Directory master.

   To determine whether a server is an Open Directory master, open Server Admin, select Open Directory for the server in the Computers & Services list, then click Overview. The first line of status information states the server's Open Directory role. To learn more about Open Directory masters, see Open Directory Overview.

2. In Server Admin's Computers & Services list, select Windows for the Open Directory master server.
3. Click Settings (near the bottom of the window), then click General (near the top).
4. Choose Primary Domain Controller (PDC) from the Role pop-up menu, then enter a description, computer name, and domain.
   • Description:  This description appears in the Network Places window on Windows computers, and it is optional.
   • Computer Name:  Enter the name you want Windows users to see when they connect to the server. This is the server's NetBIOS name. The name should contain no more than 15 characters, no special characters, and no punctuation. If practical, make the server name match its unqualified DNS host name. For example, if your DNS server has an entry for your server as "server.example.com," give your server the name "server."
   • Domain:  Enter the name of the Windows domain that the server will host. The domain name cannot exceed 15 characters and cannot be "WORKGROUP."
5. Click Save.
6. Enter the name and password of an LDAP directory administrator account, then click OK.

When authenticating, you must use an LDAP directory administrator account. You can't use a local directory administrator account, such as the primary server administrator account (user ID 501), to create a PDC.

After setting up a PDC, you may want to change access restrictions, logging detail level, code page, domain browsing, or WINS registration. Then if Windows services aren't already running, you can start them. For instructions, click a topic below:

• Changing Windows Services Access Settings
• Changing Windows Services Logging Settings
• Changing Windows Services Advanced Settings
• Starting Windows Services

You can also set a server's role in providing Windows services by using the 'serveradmin' command in Terminal. For more information, see the file services chapter of the command-line administration guide.