There are many sources about joining a Mac to an existing Windows Active Directory domain host but I found the Apple documentation lacking in detail (e.g. what actually are “mobile accounts”) and a great deal of ‘noise’ when searching mostly due to people having issues so I just wanted to jot my notes on the subject down here.
Active Directory Domain Host: Windows Server 20077 SP2
Client: Mac OSX 10.6.8
On the Mac
On the Server
You should add a DNS entry for the machine if there isn’t one already.
Resources
http://community.spiceworks.com/how_to/show/237
http://training.apple.com/pdf/wp_integrating_active_directory.pdf
Active Directory Domain Host: Windows Server 20077 SP2
Client: Mac OSX 10.6.8
On the Mac
- Login as an administrator (the primary user is setup as one by default) then go to Apple, System Preferences, System, Accounts.
- Click Login Options on the left at the bottom
- On the right hand pane it should say Network Account Server and then either “Join” or a domain name and Edit. If it says edit the proceed to the next step.
- To Join: Enter the active directory domain controller (I used IP) and a user with sufficient privileges to join a computer to the AD.
- Once joined click Edit to enforce ‘mobile accounts’ which are a rough equivalent of roaming profiles in Windows.
- Click “Open Directory Utility” and unlock it (click the padlock bottom left).
- Double click Active Directory and click the arrow next to Show Advanced Options.
- Tick Create mobile account at login and un-tick “Require confirmation…”. This allows the user to login using the same profile when not connected to the AD controller.
- Choose the Administrative tab and allow administration by domain admins and enterprise admins.
- You should now be able to log out and log back in as an Active Directory User using your username, password and active directory domain.
Network Shares
You can access a share by going to Finder, Go, Connect to Server then type in the share name e.g.
smb://[server name]/Users$/[share name]
smb://[server name]/Users$/[share name]
To open the share on each login go to: System Preferences, Users and Groups, select the user account then Login Items on the right hand pane, then click the add sign and select the relevant folder.
If you need more integration with Active Directory e.g. syncing folders etc it might be easier to use an OSX or Linux server e.g. http://mattfleming.com/node/190
You should add a DNS entry for the machine if there isn’t one already.
Resources
http://community.spiceworks.com/how_to/show/237
http://training.apple.com/pdf/wp_integrating_active_directory.pdf
No comments:
Post a Comment