• ad
• /
• binding-macs

• Immutable Page
• Comments
• Discussion
• Info
• Attachments
• More Actions ▼
  • Raw Text
  • Print View
  • Delete Cache
  • Like Pages
  • Local Site Map
  • Copy Page
  • Package Pages
  • Load
  • Save
• User (login)
• Recently Viewed ▼
  • copiers/installing-pc
  • networking/standards
  • operating-systems/mac-osx
  • FileMaker
  • ad/binding-pcs
  • file-shares
  • connecting
  • databases/filemaker
  • computers/serial-numbers
  • copiers/installing-leopard
  • databases/mysql
  • email/standards
  • server-hosting
  • databases/filemaker/tips
  • databases/sed-it

Binding Macs to AD

Account Requirements

• Only those who have run SED Webnew can login.

• You must use an "-adm" account to join the machine.
• You cannot login with an -adm account, so your administrators group needs to include non-adm accounts.
• If an account doesn't work for joining or logging in, check with the OIT AD Administrators to see if the password encryption needs to be changed or Webnew re-run on the account.

Machine Requirements

• Must be 10.5.3 or later

Instructions

Based on http://www.bu.edu/pcsc/desktop/ad/AD-OD/AD-OD_10.5.2.pdf

Join the machine to AD

1. Applications -> Utilities -> Directory Utility

2. Click on the +
3. Change the type to Active Directory
4. Put "ad.bu.edu" in for the Domain
5. Put in the machine name (sed-username or sed-username-laptop or sed-department-1)
6. Put in your -adm username
7. Put in your -adm password
8. Click okay.

Configure the machine

1. If you get a successful join, click on Services
2. Double-click on Active Directory
3. Open Advanced Settings
4. Under User Experience:
   1. Check "Create mobile account at login" if setting up a laptop
   2. Uncheck Use UNC Path...
5. Under Mappings:

   1. Set bu-ph-index-id-numeric for the UID attribute

6. Under Administrative:
   1. Add "AD\SED-IT" to the list of administrative groups.
   2. Add any other groups that should be administrators. The primary user should be an administrator.
   3. Click OK

7. Under System Preferences -> Accounts -> Login Options be sure to:

   1. Set Automatic Login: Disabled
   2. Set Display login windows as: Name and password
   3. Set Allow network users to login to this computer

8. Go to System Preferences -> Sharing and set the sharing name to be the same as the AD name. This is optional but will reduce confusion.

If this is the first time you have joined THIS computer to AD

1. Go to the Active Directory Users and Computers plug-in on a Windows box and move the machine to the correct OU, inside the SED top level OU.

2. Go here: https://oit-uwa.bu.edu/users/macadm/default.aspx and give the mac access.

3. Verify that the computer is a member of SED-VIEW-ADMINISTRATORS (Properties -> Member of)

Try it out!

1. Reboot and test!
2. If it fails, log back in with an local administrator account, and turn off and then back on "Force local home directory". This has worked in several cases.

Additional Settings

1. Make active directory share logins easier: run defaults write /Library/Preferences/com.apple.NetworkAuthorization UseShortName -bool YES  from the command line.