Brightrev

Authenticate to Mac OS X via Active Directory
Written by Carl Campos   
Thursday, 27 March 2008 12:47

In my second Mac OS X and Windows integration article, I cover how to add your Mac to Active Directory with Apple's built-in tools. Adding Macs to your AD domain lets users log in to any of your local Macs with their domain accounts, so you don't have to create local or guest accounts on every Mac.

To add your Mac to Active Directory, you'll need to use the Mac's Directory Access tool, which you can open either by searching Spotlight or by opening Finder -> Applications -> Utilities -> Directory Access.

 



In Directory Access, click the lock icon to make changes and then input your Mac's local admin user and password. Click the checkbox to enable Active Directory and then click the Configure... button.

 

You'll need two pieces of information:

  1. The DNS name of your AD domain
  2. The computer name you'd like entered into AD.

My local Active Directory domain name is federation.local, and I chose the computer name macmini, as you'll see below. Under Advanced Options, I selected the Create mobile account at logon field so that Mac users can log on with cached credentials when they can't reach a domain controller or are away from the network. I deselected the Require Confirmation field, because I want all the Mac users on this machine to use mobile accounts. When you're finished entering information, click OK.

 

You'll be asked to enter AD domain credentials with permission to add workstations to the domain.

 

 

The final step is to change your workgroup from the default setting to your domain name. Click SMB/CIFS and then click the Configure... button. Select the correct workgroup name from the drop-down list, as shown below.

 

 

Note: I don't use WINS on my network, as it's unnecessary for both Windows and Macs on AD domains.

If you look in Active Directory Users and Computers, you'll see that the Mac has been added with the name you specified above.

 

 

The next time you log on to your Mac, click the Other... button on the logon screen and use domain/username as your logon information, like this:

 


You should now be logged on to your Mac with Active Directory credentials.

Update: Mac OS X Tiger 10.5.0 through 10.5.2 has major Active Directory bugs. These bugs cause problems binding to AD, extremely slow logon and performance problems with your Mac. MacWindows.com has a special report about the issues here. I use a .local Active Directory domain and had to turn off Bonjour to fix the issues. Be aware that turning Bonjour off can break applications, file sharing and printing to other machines.

