Apple: How to Bind a Mac to Active Directory Domain
Awhile ago I wrote some documentation on how to Bind a Mac (specifically a Macbook Pro) running OS X 10.8 to Windows Active Directory Domain. I hope this helps some of you out.
*NOTE* this has been tested with Mac OS X 10.8.
Binding Mac to Active Directory:
1. Create an computer within the appropriate OU in Active Directory
2. Make sure that your Mac is connected via a RJ45 cable (you cannot do this using the WiFi)
3. Log into your Mac with the Administrator account or know the Administrator Log in and Password.
4. Go to System Preferences (located under the Apple Symbol, top left corner)
5. Click on the Sharing section
6. Unlock this panel by clicking on the Lock icon in the bottom left hand corner
7. You will notice that the ‘Computer Name’ Section is now NOT grayed out
8. Click on the Edit Button
9. Type in the Computer Name that you have created within Active Directory
1. Make sure that the Local Hostname and the Dynamic Global Host name are the same
2. Add in your user name and password you use within AD (not your bang)
10. Click OK
11. Go Back, then..
12. Click on Users & Groups
13. Unlock this panel by clicking on the Lock icon in the bottom left hand corner
14. Once Unlocked, click on ‘Login Options’
15. On the right hand side, click on the ‘Edit’ button, this will open a dialogue box.
1. If you have previously added a ‘Network Account Server’, it will be displayed here
2. If there are no previous ‘Network Account Server’s’ available, click on the ‘Open Directory Utility’ box
16. Once the ‘Open Directory Utility’ box is open, unlock it by clicking on the lock in the bottom left hand corner
17. Double Click on Active Directory (if using Active Directory)
18. Add the following in the Dialogue box:
1. Active Directory Forest: ad.contoso.com
2. Active Directory Domain: contoso.com
3. Computer ID: “Whatever you named your computer previously” (Make sure that it is spelled the exact same)
1. There are more options available, but this is totally up to you:
1. If you have multiple active directory domains that you connect to, you can set a primary for the machine to always look for.
2. Click on ‘Show Advanced Options’, then the ‘Administrative’ tab.
3. Make sure ‘Prefer this domain server’ is checked and enter the domain you wish to prefer.
2. You can also allow ‘Administration’ by other groups within the domain.
1. If you are joining a Mac that will be supported by the ‘Domain Group’, please add ‘Domain Admins’ security group to this machine.
2. You do this, but making sure ‘Allow administration by’ is checked and you click the plus sign to add ‘Security Groups’
19. Press ‘OK’
20. Click ‘Apply’
21. Once back to the Users & Groups windows, make sure that ‘Allow network users to log in at login window’ is checked
1. If you click the ‘Options…’ button, you can specify individuals that will access to log in or leave it as it’ standard ‘All Network Users’
22. Restart the machine
23. Once the machine has rebooted you can enter a local account or a network account.
1. When entering the network account, I have found that it is not necessary for you to enter the domain before the user name, but you can do so either way.