Dns not updating active directory
In rare circumstances, you may be unable to do a clean unbind from Active Directory.To get a fresh start with the Active Directory connector, remove the files that are associated with the Active Directory connector, kill [There is no output from these commands.] /Library/Preferences/
Before you begin, verify that you are not experiencing binding issues; for instructions, see the section “Troubleshooting Binding Issues” earlier in this chapter.Be sure to include the colon, otherwise you will see each of the numerous entries that mentions “Active Directory”; the messages relating specifically to binding include the colon character.The following figure illustrates only a portion of the large amount of information in the debug log that starts with “Active Directory:” during a successful bind: The binding process is sensitive to DNS records, so make sure that you specify the Active Directory DNS service in the Network preference of System Preferences, and that port 53 (UDP and TCP, used for DNS requests and replies) to the DNS service is not blocked.The process for logging in with an Active Directory network user is similar to the process of logging in with a network user from other directory services.You can use the troubleshooting techniques in Chapters 2 and 3, which include scenarios in which Open Directory accesses user records from Active Directory and uses mount, computer, and group records (including attributes for managed preferences) from Open Directory.Understanding the process can help you isolate any problem that might crop up.
When binding, you must provide an Active Directory user name and password.
If your Active Directory DNS is incorrectly configured, you may experience problems binding Mac OS X to Active Directory.
The Active Directory connector requires several DNS service records (SRV) in order to determine which hosts provide certain services on certain protocols.
Try to determine if the login problem is related to identification, authentication, or authorization. To confirm that you can use the Verify that your Active Directory node is listed in your authentication search path.
Check to see if you can authenticate as the Active Directory user.
Kerberos should reference your Active Directory Kerberos domain.