Add Mac OS X 10.7 or 10.8 to Active Directory
Posted by (Inactive) Will McCalley, Last modified by (Inactive) Will McCalley on 10 April 2013 09:05 AM
1. Change computer name under System Preferences -> Sharing -> Computer Name.
2. Add this computer name into AD using the RA tool.
3. System Preferences -> Users & Groups -> Login Options.
4. Click the lock to make changes.
5. Click “Join” under Network Account Server.
6. Click “Open Directory Utility”
7. Click the lock to make changes.
8. Double-click “Active Directory”.
9. Then click “Show Advanced Options”.
10. Make several changes.
a. Set Active Directory Domain to ad.uab.edu.
b. Check “create mobile account at login” box.
c. Select “Administrative” tab.
i. Check “Allow Administration by”. Delete “Domain Admins” and “Enterprise Admins”; add in !domadmins (or !pbnadmins, whatever the OU admin group is).
ii. Also uncheck “Allow authentication from any domain in the forest”.
11. Click “Bind”.
12. Change the Computer OU to the actual OU. Enter in your blazerID & password to connect. (Regular blazerID & password will do; no need for the !credentials).
13. Answer “OK” to the “join existing account” popup.
14. There is no indication that the bind has worked, other than the “Bind” button changes to “Unbind”.
15. Click the “User Experience” tab again, and uncheck the “Require confirmation before creating a mobile account” box. (Binding to the domain selects this box for you…how helpful).
16. Click “OK”.
17. Next, click on “Search Policy” in Directory Utility.
18. Click the entry for /Active Directory/UAB/All Domains, click the (-) sign to delete.
19. Confirm Deletion.
20. Click the (+) button.
21. Highlight ad.uab.edu & click Add. Repeat for uab.edu.
22. Click “Apply”, then close the Directory Utility by clicking the red dot.
23. The Login Options now shows UAB as the network account server.
24. Change “Display login window as:” to “Name and password”. Then close out the Login Options window by clicking the red dot.
25. Now open up a terminal window (click empty spot in desktop, Go -> Utilities -> double-click Terminal). Run the command: sudo scutil --set HostName machinename.ad.uab.edu
a. machinename = name added to AD using the RA tool.
b. You will have to type the local computer administrator password when prompted.
26. Restart computer.
27. If you see a red dot, something went wrong…but you should still be able to log in w/ the local administrator account.
28. If you see a green or yellow dot, you should be able to log in with any blazerID/password combination. (It may take a minute or two for the initial login.)
29. In order to make an account an administrator, they need to log in once first! Then you can go into System Preferences -> Users & Groups -> click on the user & change them to an administrator.
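A way to confirm from Terminal that the settings chosen in steps 10 through 15 actually took effect, shown as an added example that is not part of the original article: it parses the output of macOS's dsconfigad -show. The function names and the embedded sample output are constructed for illustration, and the key names assume the dsconfigad -show layout, so compare them against a real run on your OS X release.

```shell
# Added example, not from the original article; function names are hypothetical.

# Constructed sample, not captured from a real Mac: step 15 was skipped.
sample_show() {
cat <<'EOF'
Active Directory Domain          = ad.uab.edu
Advanced Options - User Experience
  Create mobile account at login = Enabled
     Require confirmation        = Enabled
Advanced Options - Administrative
  Allowed admin groups           = !domadmins
  Authentication from any domain = Disabled
EOF
}

# Print the lower-cased value of one "Key = value" line held in $AD_SHOW.
ad_value() {
    printf '%s\n' "$AD_SHOW" | awk -F' = ' -v key="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        tolower(trim($1)) == tolower(key) { print tolower(trim($2)); exit }'
}

# Compare one setting with its expected value and count mismatches.
check_setting() {
    actual=$(ad_value "$1")
    if [ "$actual" = "$2" ]; then
        echo "ok    $1 = $actual"
    else
        echo "FAIL  $1 = ${actual:-<missing>} (expected $2)"
        failures=$((failures + 1))
    fi
}

# On a bound Mac: dsconfigad -show | audit_ad_bind ad.uab.edu (returns the mismatch count).
audit_ad_bind() {
    AD_SHOW=$(cat); failures=0
    check_setting "Active Directory Domain" "$1"
    check_setting "Create mobile account at login" "enabled"    # step 10b
    check_setting "Require confirmation" "disabled"             # step 15
    check_setting "Authentication from any domain" "disabled"   # step 10c.ii
    case "$(ad_value "Allowed admin groups")" in                # step 10c.i
        *"domain admins"*|*"enterprise admins"*)
            echo "FAIL  default forest-wide admin groups still allowed"
            failures=$((failures + 1)) ;;
    esac
    return "$failures"
}

sample_show | audit_ad_bind ad.uab.edu || echo "$? setting(s) differ from the procedure"
```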