  1. #1

    Member Since
    Mar 04, 2011
    Help with active directory
    I am very new to Macs and don't use them much, but we do have one on our network and it's been working fine for the most part to get to the necessary shares. Lately we have been having Keychain issues and it seemed like every day we had to reset the local keychain on the computer. I was requested to check into the possibility of making it so the Mac domain user has to log onto the Mac computer instead of the local Mac user logging in every time. If someone could please help me with that it would be great. The Mac is an iMac running OS X 10.4.

  2. #2

    EvenStranger
    Member Since
    Dec 09, 2010
    Currently 13" Late 2010 MBA, 4GB/128GB; Early 2011 13" MBP, dual core i7 2.7ghz, 4gb ram, 500gb hd
    First of all, join the Mac to the domain. We add it as a computer to a Mac OU, so we don't inherit policies from other OUs. Once the Mac has been pre-added to the domain through your management console or UMC, enter the credentials to join the Mac to your domain. That's done through Accounts->Login Options->Join. Click the Open Directory Utility button. Enter password if prompted. Double-click Active Directory. Under Advanced settings, we enable "Create Mobile Account at Login" and disable "Require confirmation..." and "Use UNC path...". Click OK, click Apply and close the window. You should have a green light next to your domain name on the Accounts window.

    Once that is complete, we use two command line utilities to join a user to the domain. Open Terminal and type the following:

    cd /System/Library/CoreServices/
    sudo ./createmobileaccount -n username
    (enter password)
    sudo createhomedir -c -u username

    This will reach out to the domain, find the user name, add the mobile account to the system, and create a home directory for the user.

    At this point, open Accounts again (might have to close and reopen it) and you should see the new account you've created. It's going to be managed, so if you want to give it administrative rights, you'll have to change that manually by clicking the checkbox. We turn off Parental Controls, because it can block things like adding printers or changing system preferences.

    Here's the thing... when a Mac user changes his password at the login prompt, it will also change the keychain password, but NOT the passwords stored in the keychain, nor will it change application passwords, like Outlook or chat clients. Those will have to be changed as part of whatever password change process you have in place. Gotchas are old services saved in the keychain (delete them and recreate them if needed) and 802.1x profiles, if you use them... those services can send multiple bad password requests to the AD server and lock out an account.

    Hope this helps!

  3. #3

    Member Since
    Mar 04, 2011
    Thank you
    Thanks, I will try this Monday and see if that works.

  4. #4

    Member Since
    Mar 04, 2011
    Alright, I tried adding the computer to the domain and that worked just fine. When I try going through Accounts->Login Options, that's where I get stuck: in that window there is no Join button and/or option. The version is 10.4.11. I also need to know, when I add the user to the domain, how to save all the files on the local user so they will be on the domain user account. Any help would be great! Thanks!
