Join Active Directory in OS X Lion

From ITSCWiki


These steps are for joining an OS X Lion or Mountain Lion computer to the CLLA AD domain.

NOTE: The AD record must exist prior to joining. Create the computer account first, then follow these steps.

  1. Open System Preferences (See Figure 1)
    • Or click the Apple in upper left corner then choose System Preferences
    Figure 1
  2. Open Users & Groups (See Figure 2)
    Figure 2
  3. Click Login Options (See Figure 3 - Item #1)
    • Unlock if necessary (See Figure 3 - Item #2)
  4. Click Join... (See Figure 3 - Item #3)
    Figure 3
  5. In the next dialog that comes up, select Open Directory Utility... (See Figure 4)
    Figure 4
  6. In Directory Utility click the Services Tab and select Active Directory then click the Edit button (pencil icon) (See Figure 5)
    Figure 5
  7. Once the settings for Active Directory open, fill in the two settings (See Figure 6)
    • Active Directory Domain -
    • Computer ID - computer's name that matches existing AD record
  8. Under the User Experience tab make the following changes (See Figure 6)
    • Uncheck Use UNC path...
    • Check Create mobile account at login
    • Uncheck Require confirmation before creating mobile account
    Figure 6
  9. Leave all checkboxes unchecked under Mappings tab
  10. Make the following changes under Administrative tab (See Figure 7)
    • Uncheck Allow authentication from any domain in the forest
    • Check Allow administration by:
    • Remove existing groups from Allow administration by
    • Add a domain admin group such as CLLA\CLLA dept-admins to the Allow administration by
    Figure 7
  11. Enter your AD username and password and do not prefix the username with CLLA\ (See Figure 8)
    Figure 8
  12. If prompted to replace existing account choose Replace
  13. Once the bind is complete and the Bind button turns to Unbind, click OK to get back to Directory Utility
  14. Select the Search Policy tab and under Authentication and Contacts delete the All Domains line.
  15. Under both Authentication and Contacts click the + sign and add the domain path (See Figure 9)
    • For CLLA use /Active Directory/CLLA/
    Figure 9
  16. Double check that Authentication looks similar to Figure 10 (Note: /Local/MCX may not always be there)
    Figure 10
  17. Double check that Contacts looks similar to Figure 11
    Figure 11
  18. Click Apply then close Directory Utility.
  19. Back under Users & Groups in System Preferences you should see a green orb next to CLLA (See Figure 12)
    Figure 12
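
After the bind, the options chosen in steps 8 and 10 can be checked from Terminal instead of by reopening Directory Utility. The script below is an added example, not part of the original wiki page. It assumes `dsconfigad -show` prints settings as `label = value` lines with the labels used in the constructed samples, so compare those labels with real output on your OS X version.

```shell
#!/bin/sh
# Added example (not from the wiki): audit `dsconfigad -show` text against the
# options chosen in steps 8 and 10. Assumption: setting labels follow the
# "label = value" layout shown in the constructed samples below.
EXPECTED_ADMIN_GROUP='CLLA\CLLA dept-admins'   # group named in step 10

# Reads `dsconfigad -show` text on stdin, prints one line per deviation and
# returns the number of deviations (0 means the bind matches the procedure).
audit_ad_bind() {
    WANT_GROUP="$EXPECTED_ADMIN_GROUP" awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function expect(label, want) {
        if (!(label in seen)) { print "MISSING: " label; bad++ }
        else if (tolower(seen[label]) != tolower(want)) {
            print "DEVIATION: " label " = " seen[label] " (expected " want ")"
            bad++
        }
    }
    { i = index($0, " = ")   # split at the first " = "; labels are space-padded
      if (i) seen[trim(substr($0, 1, i - 1))] = trim(substr($0, i + 3)) }
    END {
        expect("Create mobile account at login", "Enabled")
        expect("Require confirmation", "Disabled")
        expect("Use Windows UNC path for home", "Disabled")
        expect("Authentication from any domain", "Disabled")
        expect("Allowed admin groups", ENVIRON["WANT_GROUP"])
        exit bad + 0
    }'
}

# Constructed sample: a bind configured as in steps 8 and 10.
sample_hardened() { cat <<'EOF'
Advanced Options - User Experience
  Create mobile account at login = Enabled
     Require confirmation        = Disabled
  Use Windows UNC path for home  = Disabled
Advanced Options - Administrative
  Allowed admin groups           = CLLA\CLLA dept-admins
  Authentication from any domain = Disabled
EOF
}

# Constructed sample: a bind left with permissive settings.
sample_permissive() { cat <<'EOF'
  Create mobile account at login = Disabled
     Require confirmation        = Enabled
  Use Windows UNC path for home  = Enabled
  Allowed admin groups           = domain admins,enterprise admins
  Authentication from any domain = Enabled
EOF
}
# On the bound Mac: dsconfigad -show | audit_ad_bind
```

A non-zero exit status is the number of settings that differ from the procedure, which makes the function usable in a periodic compliance check.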