Managing Accounts with Workgroup Manager
As Uncle Ben Parker reminds fans of Spider-Man, “With great power comes great responsibility.” Workgroup Manager has great power for modifying the directory databases in Lion Server, so care in understanding the ability of this server tool is critical to healthy account management.
Unlike in previous versions of Mac OS X Server, Workgroup Manager is not installed with Lion Server. You must download it separately from Apple as part of the Server Admin Tools package, which also includes Server Admin. Look for it at www.apple.com/support/downloads.
You can open Workgroup Manager installed on any Mac OS X 10.7 computer connected to the same network as the Open Directory master (see Chapter 6). For the most consistent results in Workgroup Manager, connect directly to the Open Directory master. Don't connect to replica servers or any server bound to the directory. Replica servers contain read-only copies of the directory databases that are periodically synchronized from the master, so editing accounts on replicas forces directory updates on the master from the replica; instead, the master needs to update the replicas.
Connecting to the server and authenticating to the directory
Open Workgroup Manager from the /Applications/Server folder. Workgroup ...