New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

Start a Discussion

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
Internet, Networking, and Wireless Discussion of networking, internet, and wireless including Apple's Airport products.

Help with active directory

Post Reply New Thread Subscribe

Thread Tools

Member Since: Mar 04, 2011
Posts: 3
cfaulds is on a distinguished road

cfaulds is offline
I am very new to MAC's and dont use them much but we do have one on our network and its been working fine for the most part to get to the necessary shares. Lately we have been having Keychain issues and it seamed like every day we had to reset the local keychain on the computer. I was requested to check into the possibly of making it so the MAC domain user has to log onto the MAC computer instead of the local MAC user logging in every time. If someone could please help me with that it would be great. The MAC is iMAC OS X 10.4
QUOTE Thanks

EvenStranger's Avatar
Member Since: Dec 09, 2010
Location: Virginia
Posts: 844
EvenStranger is just really niceEvenStranger is just really niceEvenStranger is just really niceEvenStranger is just really niceEvenStranger is just really nice
Mac Specs: Currently 13" Late 2010 MBA, 4GB/128GB; Early 2011 13" MBP, dual core i7 2.7ghz, 4gb ram, 500gb hd

EvenStranger is offline
First of all, join the Mac to the domain. We add it as a computer to a Mac OU, so we don't inherit policies from other OUs. Once the Mac has been pre-added to the domain through your management console or UMC, enter the credentials to join the Mac to your domain. That's done through Accounts->Login Options->Join. Click the Open Directory Utility button. Enter password if prompted. Double click Active Directory. Under Advanced settings, we enable "Create Mobile Account at Login" and disable "Require confirmation..." and Use UNC path...." Click OK, click Apply and close the window. You should have a green light next to your domain name on the Accounts window.

Once that is complete, we use two command line utilities to join a user to the domain. Open Terminal and type the following:

cd /System/Library/CoreServices/
sudo ./createmobileaccount -n username
(enter password)
sudo createhomedir -c -u username

This will reach out to the domain, find the user name, add the mobile account to the system, and create a home directory for the user.

At this point, open Accounts again (might have to close and reopen it) and you should see the new account you've created. It's going to be managed, so if you want to give it administrative rights, you'll have to change that manually by clicking the checkbox. We turn off Parental Controls, because it can block things like adding printers or changing system preferences.

Here's the thing... when a Mac user changes his password at the login prompt, it will also change the keychain password, but NOT the passwords stored in the keychain, nor will it change application passwords, like Outlook or chat clients. Those will have to be changed as part of the whatever password change process you have in place. Gotchas are old services saved in the keychain (delete them and recreate them if needed), 802.1x profiles if you use it... those services can send multiple bad password requests to the AD server and lock out an account.

Hope this helps!
QUOTE Thanks

Member Since: Mar 04, 2011
Posts: 3
cfaulds is on a distinguished road

cfaulds is offline
Thanks, I will try this Monday and see if that works.
QUOTE Thanks

Member Since: Mar 04, 2011
Posts: 3
cfaulds is on a distinguished road

cfaulds is offline
Alright, I tried adding the computer to the domain and that worked just fine. When I try going through accounts- login options thats where I get stuck in that window there is no Join button and or option. The version is 10.4.11. I also need to know when I add the user to the domain how to save all the files on the local user so they will be on the domain user account? Any help would be great! thanks!
QUOTE Thanks

Post Reply New Thread Subscribe

« shared drive issues | Different networks with airport express »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

All times are GMT -4. The time now is 03:06 PM.

Powered by vBulletin
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.

Welcome to

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!

(4 digit year)

Already a member?