I am trying to add our mac PC's to the windows domain at work.I am little confused on where to start from. do i need Mac OS X 10.5 leopard server to do this or can do this without mac osx server.we are using VMware esx, windows server 2003 on the corp environment. are there any 3rd party tools to get this accomplished.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Please help:adding a mac PC to the windows domain at work
- Thread starter john0026
- Start date
- Sort by reaction score
Funny you should ask; I was just playing around with this for the first time today. While it's fresh in my mind, I'll walk you through the steps. The following instructions apply to Leopard--I'm not sure if this would apply to earlier versions of OS X:
1) From Finder, select Go-->Utilities from the menu
2) Run "Directory Utility"
3) Click the little padlock, and enter a Mac admin's credentials to unlock it
4) Click on "Show Advanced Settings"
5) When the toolbar appears, select "Services" and then select "Active Directory" checkbox
6) Next, select "Directory Servers" from the toolbar, then click the "+" button to add your AD domain server
7) In the top drop-down box "Add a new directory of type," select "Active Directory".
8) Enter the name of your domain (I used FQDN nomenclature as in "mydomain.com"), then enter the username and password of a Domain Admin that is authorized to add computers to the AD directory and click OK
9) In the directory servers list, you should now see your domain with a little green light next to it and the message "This server is responding normally."
10) Now log off.
11) If the Mac is configured to show a list of users at login, select "Other" at the bottom. Enter your domain logon credentials: "mydomain\username" and your password. The machine will pause a minute to create new user folders, and then you're in AND you have access to all of your network shares without entering your name and password again.
That's it! What's cool is that any domain user can now log on to the machine without a local account being set up first.
Some caveats:
You will have trouble if the domain userID happens to match the short name of a local Mac account, e.g., if there is a local account named "Rich" and a domain user "mydomain\Rich" this will not work properly--it won't create new user folders for the domain user.
If you ARE running Leopard, make sure you're up to date. I was reading some complaints in another forum that AD integration was broken in Leopard prior to 10.5.2. I haven't personally verified that this is true, but just a word to the wise...
Hope this helps, have fun!
1) From Finder, select Go-->Utilities from the menu
2) Run "Directory Utility"
3) Click the little padlock, and enter a Mac admin's credentials to unlock it
4) Click on "Show Advanced Settings"
5) When the toolbar appears, select "Services" and then select "Active Directory" checkbox
6) Next, select "Directory Servers" from the toolbar, then click the "+" button to add your AD domain server
7) In the top drop-down box "Add a new directory of type," select "Active Directory".
8) Enter the name of your domain (I used FQDN nomenclature as in "mydomain.com"), then enter the username and password of a Domain Admin that is authorized to add computers to the AD directory and click OK
9) In the directory servers list, you should now see your domain with a little green light next to it and the message "This server is responding normally."
10) Now log off.
11) If the Mac is configured to show a list of users at login, select "Other" at the bottom. Enter your domain logon credentials: "mydomain\username" and your password. The machine will pause a minute to create new user folders, and then you're in AND you have access to all of your network shares without entering your name and password again.
That's it! What's cool is that any domain user can now log on to the machine without a local account being set up first.
Some caveats:
You will have trouble if the domain userID happens to match the short name of a local Mac account, e.g., if there is a local account named "Rich" and a domain user "mydomain\Rich" this will not work properly--it won't create new user folders for the domain user.
If you ARE running Leopard, make sure you're up to date. I was reading some complaints in another forum that AD integration was broken in Leopard prior to 10.5.2. I haven't personally verified that this is true, but just a word to the wise...
Hope this helps, have fun!
Thanks videoF very useful info i would try it out on monday and let u know what happens
Mac on Windows Domain
Indeed, Wicked info! Bookmarking this info for future reference. Didn't know that this was possible!
Indeed, Wicked info! Bookmarking this info for future reference. Didn't know that this was possible!
AD-OD Whitepaper
The best site for information about this is: http://www.afp548.com
I have used their whitepaper (found here) to connect Macs to AD 2003 in various environments.
If you have all of your data on a Windows Managed SAN with Distributed File Sharing & SMB Signing configured & you Macs are running 10.4 then you may have like to try; AdmitMac.
(Apparently 10.5 can access the above security methods but I haven't tested this follow due to the below).
If you are looking at using 10.5 & have a large network be warned as 10.5 queries every DC on the domain before it allows you to login, I am currently working at a Global Company with some 50 dc's located across the globe & login can take 6 - 10 Minutes.
I am awaiting for 10.5.3 to resolve this.
The best site for information about this is: http://www.afp548.com
I have used their whitepaper (found here) to connect Macs to AD 2003 in various environments.
If you have all of your data on a Windows Managed SAN with Distributed File Sharing & SMB Signing configured & you Macs are running 10.4 then you may have like to try; AdmitMac.
(Apparently 10.5 can access the above security methods but I haven't tested this follow due to the below).
If you are looking at using 10.5 & have a large network be warned as 10.5 queries every DC on the domain before it allows you to login, I am currently working at a Global Company with some 50 dc's located across the globe & login can take 6 - 10 Minutes.
I am awaiting for 10.5.3 to resolve this.
Their is realy easy software to use, if you google, "Adding Mac to Active Directory Client lists" and it is like the second or third one.
under Advanced options I would check 'Create mobile account at login' and 'prefer this domain server'.
Why not just add in the preferred DC?
Just out of curiosity (I'm still learning this stuff), what does the "create mobile account" setting do, exactly?
It creates an account a local account on your Mac that checks the server for your username & password details when you login (if available & the cached creadntials if not).
By using this, Laptop users can login when 'off network' but will authenticate to the network when back in the office.
I have,,, it still queries them.
This is similar to the behavior of 10.3.something, but I have found that 10.5.3 should sort it.
Can't wait to test it though!
need help
hey guys ,,
neeeeeed your help guys ,, iam about to creat a ms domain for a company but they want to join 5 MAC pc to the domain, and also they want to creat a redirection path to a folder as backup for each user .. so i know how to create ms domain and join the windows pc users but i dont even know anything about MAC Pc .. anybudy could help me in this guys
hey guys ,,
neeeeeed your help guys ,, iam about to creat a ms domain for a company but they want to join 5 MAC pc to the domain, and also they want to creat a redirection path to a folder as backup for each user .. so i know how to create ms domain and join the windows pc users but i dont even know anything about MAC Pc .. anybudy could help me in this guys
Permissions Error
Hi All,
I'm trying to add my mac to a Windows network at work. I've followed the above steps (Thanks!! They're terrific)... but i'm getting this error when I go through the "add active directory" part:
An unexpected error type - 14120 (eDSPermissionError) occured.
I think maybe this means my mac needs to be added to the windows network permission list or something?? Somewhere? Anyone have any idea about this at all??
Thanks!!
Hi All,
I'm trying to add my mac to a Windows network at work. I've followed the above steps (Thanks!! They're terrific)... but i'm getting this error when I go through the "add active directory" part:
An unexpected error type - 14120 (eDSPermissionError) occured.
I think maybe this means my mac needs to be added to the windows network permission list or something?? Somewhere? Anyone have any idea about this at all??
Thanks!!
possibly an id10t error
I have a MAC G5 we are using to play around adding to the MS active directory. for about a week it has been absolutely sweet. following the steps in this thread, we have it sitting on the domain, accessing the network drives, talking to the exchange server, using the network printers (inlcuding a canon multifunction with some funky custom accounting software - took me forever to work that one out) but in the last couple of days it hasn't been playing ball. It keeps loosing its connection to the domain. At frist I thought the issue was a dodgy ethernet cable, but it isn't, then i suspected the network switch. again no. At the login screen the other user option comes and goes as connection with the server is gained or lost. usually this happens to quickly to log on. If i log onto the Mac's local admin account the directory utility says that the server isn't responding. So the fault may be with the server, but that seems a little strange given it was working quite happily for more than a week. I have looked everywhere I can think of to see if I have overlooked something but I am not sure where I should be looking. I have been a long time Mac user at home but have never needed to network one before so i am sort of following my nose. I do have admin access to the AD but I am no systems engineer so I am sort of following my nose their as well. I did get our regular engineer to check the AD but he isn't a mac person so probably wouldn't know what to look for either. If we can get this working somewhat stably then the number of macs we use will hopefully increase.
I have a MAC G5 we are using to play around adding to the MS active directory. for about a week it has been absolutely sweet. following the steps in this thread, we have it sitting on the domain, accessing the network drives, talking to the exchange server, using the network printers (inlcuding a canon multifunction with some funky custom accounting software - took me forever to work that one out) but in the last couple of days it hasn't been playing ball. It keeps loosing its connection to the domain. At frist I thought the issue was a dodgy ethernet cable, but it isn't, then i suspected the network switch. again no. At the login screen the other user option comes and goes as connection with the server is gained or lost. usually this happens to quickly to log on. If i log onto the Mac's local admin account the directory utility says that the server isn't responding. So the fault may be with the server, but that seems a little strange given it was working quite happily for more than a week. I have looked everywhere I can think of to see if I have overlooked something but I am not sure where I should be looking. I have been a long time Mac user at home but have never needed to network one before so i am sort of following my nose. I do have admin access to the AD but I am no systems engineer so I am sort of following my nose their as well. I did get our regular engineer to check the AD but he isn't a mac person so probably wouldn't know what to look for either. If we can get this working somewhat stably then the number of macs we use will hopefully increase.
Check Machine Name
Make sure the machine name does not have an underscore '_'. I received the same message but then realized the underscore in my machine name.
Hi All,
I'm trying to add my mac to a Windows network at work. I've followed the above steps (Thanks!! They're terrific)... but i'm getting this error when I go through the "add active directory" part:
An unexpected error type - 14120 (eDSPermissionError) occured.
I think maybe this means my mac needs to be added to the windows network permission list or something?? Somewhere? Anyone have any idea about this at all??
Thanks!!
Make sure the machine name does not have an underscore '_'. I received the same message but then realized the underscore in my machine name.
Not sure why it's not showing up.. unless.. you need to *reboot* your mac to make it work with the AD login provider.
We have our macs at work set to ask for username and password in the more traditional network PC manner.
To set this:
System Preferences > Accounts > Login Options > "Display Login Window As:" and tick "Name and Password".
Check the settings under 'Directory Utility' and 'Active Directory'. We had an issue with the mobile account.
We have:
Create mobile account at login 'checked'
Require confirmation before creating a mobile account 'unchecked'
Force local home directory on startup disk 'checked'
Use UNC path from AD to derive network home location 'unchecked'
Default user shell 'checked' with '/bin/bash'
Hope this helps.
We have:
Create mobile account at login 'checked'
Require confirmation before creating a mobile account 'unchecked'
Force local home directory on startup disk 'checked'
Use UNC path from AD to derive network home location 'unchecked'
Default user shell 'checked' with '/bin/bash'
Hope this helps.
I updated to 10.5.5 at home, next time I was at that location "other" showed up. I admit I don't understand it exactly, as I click on it, it required my AD username but my Mac password? Then my Mac account loaded but I had the access to the web that I wanted. Hmmmm Worked out exactly like I wanted. I only wanted the ability to surf the web and the IT people told me I needed to add my computer to the domain. Which I did myself. Thanks though, it probably won't work again Monday.
I am new to using MACs and know nothing - there are brilliant tips guys - got my MAC on the AD domain now. Couple of quesitons - hope someone can help!
If I logon to the MAC with an AD user account and open Finder and go to the "Shared" tab, I see all of the shares that are available on the authorising domain controller, including my user accounts share (listed ith a $ at the end). How can I hide these shares?
I would like to map some drives and provide access to printers currently being delivered by my domain controllers, in the same way as my PCs work. How can I do this?
Is it possible to create a policy that restricts access to certain components on the MAC dependent on user logon permissions - again in the same way as PC work? Is this a MAC policy or would it be an AD policy
Many thanks again for helping the Newboy!!
If I logon to the MAC with an AD user account and open Finder and go to the "Shared" tab, I see all of the shares that are available on the authorising domain controller, including my user accounts share (listed ith a $ at the end). How can I hide these shares?
I would like to map some drives and provide access to printers currently being delivered by my domain controllers, in the same way as my PCs work. How can I do this?
Is it possible to create a policy that restricts access to certain components on the MAC dependent on user logon permissions - again in the same way as PC work? Is this a MAC policy or would it be an AD policy
Many thanks again for helping the Newboy!!