ADmitMac 1.1.1 only allows local Mac OS X administrator rights to be given to one AD user and one AD group. The AD group has several restrictions.
The first is that only one AD group can be given administrative rights. This group is specified in the ADmitMac configuration. In this article, we will refer to this group as the local administrator group. There can be only one local administrator group.
The second restriction is that ADmitMac does not support nested groups. Therefore, the administrator rights will only be given to the user objects contained within the local administrator group. It will not work for user objects contained within group objects that are listed in the local administrator group.
For example, an AD group called "Mac_Admins_LG" has been specified as the local administrator group for a Mac with ADmitMac. The group has the following user and group objects:
In this example, only adams, joecool, and truman will have local administator rights a Mac OS X computer. Any user objects in Mac_Techs_GG will not.
