MacOs & Active Directory

[ss2050]

Hi Guys,

Hoping that anyone can help me as I'm stumped a little bit.

We have a variety of macs bound to an AD Server and all have mobile accounts. We are struggling with the following:

When turning the mac on, the network account isn't showing on the login screen, however, you can see the local "emergency" account. So you have to log in to the local account and then click the switcher top right and you can see the AD, account. Once you click it, it then logs into the AD account and if you return the login screen you can see the all the accounts on the login screen

Next - we have a variety of connected servers, including the users home folders. However, we need them to available offline - however, each portable device has VPN account and they can connect outside of the network. I.e on the train. I'm not sure this is possible?

If anyone can help with the first things or point me in the right direction, i'd be grateful.

Thanks

 

[chrfr]

When turning the mac on, the network account isn't showing on the login screen, however, you can see the local "emergency" account. So you have to log in to the local account and then click the switcher top right and you can see the AD, account. Once you click it, it then logs into the AD account and if you return the login screen you can see the all the accounts on the login screen

You'll be better off setting the loginwindow to require users to just type username and password rather than select from the icon for their account.

 

[ss2050]

You'll be better off setting the loginwindow to require users to just type username and password rather than select from the icon for their account.

Thanks, I shoulda said, it's not even showing the "other box" too on the system. I mean, once they're logged in the first time they should be able to continue as normal - but it's not even doing that.

 

[chrfr]

Thanks, I shoulda said, it's not even showing the "other box" too on the system. I mean, once they're logged in the first time they should be able to continue as normal - but it's not even doing that.

Don't rely on the other box. Set it to require username and password.

 

[ss2050]

Don't rely on the other box. Set it to require username and password.

But will that fix the issue of the account not showing on the login page?

 

[chrfr]

But will that fix the issue of the account not showing on the login page?

No names at all are shown on the login page when you use that setting.

 

[ss2050]

No names at all are shown on the login page when you use that setting.

I'll give it a try..

 

[chrfr]

I'll give it a try..

It's the only option that works with any sort of Active Directory environment with more than a small number (single digits) of users. My employer has tens of thousands of people in AD. It'd be impossible to pick a user from a list.

 

[Culweygh]

I'll give it a try..

Also, make sure the Mac and AD Server times are the same, If they get out of sync by more than 5 minutes you can see this behavior.

 

[ss2050]

It's the only option that works with any sort of Active Directory environment with more than a small number (single digits) of users. My employer has tens of thousands of people in AD. It'd be impossible to pick a user from a list.

Thank you so much! I will be deploying the change tomorrow.

I'll check the time too.

 

[hobowankenobi]

Also, make sure the Mac and AD Server times are the same, If they get out of sync by more than 5 minutes you can see this behavior.

To clarify, it is best that all bound Macs use the same time server as the AD boxes, so the time stays sync'd between the server(s) and clients.