Fix for slow AD logins/joins caused by macAddress query
Posted: June 13, 2008 | Author: Kyle Crawford | Filed under: Active Directory, Deployment, Mac OS X | Tags: 10.5, ActiveDirectory.plist, AD plugin, Leopard, macAddress, mapping, R2 schema, slow logins |2 Comments »I’ve been hassling Apple about this issue for quite a while.
Apple has two workarounds for this problem:
1.) Index the macAddress attribute in AD. Even though the macAddress is not part of the Computer class by default, the AD plugin queries on it for joins ( to ensure the the computer that you are adding doesn’t already exist ), and for MCX ( managed client information ). Normally I would frown on any changes to AD since the Enterprise doesn’t like making changes to their infrastructure just to support Macs. However, supposedly in Windows 2008 Server, the macAddress attribute is indexed by default, so at least their is some justification there.
2.) If you’d prefer to make changes on your client machines rather than bother your AD administrators with a Mac-specific fix, remove the ENetAddress mapping from /Library/Preferences/ActiveDirectory.plist. The lines to remove look like this:
<key>1.3.6.1.1.1.1.22</key>
<string>dsAttrTypeStandard:ENetAddress</string>
The key is the OID for the macAddress attribute in AD.
The string value is the mapping to a native Open Directory attribute, which Apple calls ENetAddress.
Update:
You’ll also need to remove /Library/Preferences/DirectoryService/ActiveDirectoryDynamicData.plist as this file also contains the cached mappings.
Then killall -9 DirectoryService or reboot the machine.
Is there a way to remove the two entries easily with defaults? I couldn’t get it to work with them being nested. The only method that did work, was using sed.
[...] 10.5.3, most of these problems are resolved. If you are still having slow logins/joins, there are possible workarounds. Posted in Active Directory, Deployment, Mac OS X, Mac OS X Server. Tags: 10.5, Active Directory, [...]