
Wednesday, October 12, 2005

Configure Mac Tiger with Active Directory

Getting a Mac onto Active Directory has in the past caused many headaches, but Mac OS X 10.4 (Tiger) automates several key steps that used to make configuring Active Directory through Apple's built-in Open Directory software difficult. Prerequisite information the sysadmin or network admin must obtain first:
  • Must have local administrative rights on the Mac
  • Must have a domain administrator password to bind the computer to the network
  • Must have the Active Directory domain name (such as east.microsoft.com)
  • Must have the domain controller's DNS name for LDAP functionality (such as dc.east.microsoft.com)
Now for the configuration of Active Directory:
  1. Launch Directory Access, located in the /Applications/Utilities folder.
  2. Click the lock button at the bottom left and authenticate with the administrative password.
  3. Once authenticated, double-click the Active Directory line to configure it.
  4. Fill in the Active Directory Domain (east.microsoft.com) and Computer ID. The ID will be the computer's name in AD, so use the standardized naming convention for your AD environment.
  5. Click the Bind... button and you will be prompted for a domain administrator's credentials (technically any account enabled to add computer objects to the directory). Enter this information and, if needed, change the OU as required by your AD installation. By default the computer object goes into Active Directory's default "Computers" container at the root of the domain.
  6. Once you click OK, the machine will go through a few steps to join the domain. When complete, the Bind... button will change to Unbind.
  7. Finally, to aid in system management, click the "Show Advanced Options" button and then click the Administrative tab. If you have multiple domain controllers, you can select a preferred server here. You can also check the option to allow administration by enterprise and domain administrators. Click OK to complete the Active Directory configuration.
Now that Active Directory has been established, you should add LDAP:
  1. Double-click LDAPv3 to begin configuring it.
  2. Click the New... button and then click the Manual button that appears in the pop-up for the quickest configuration.
  3. Now you should be back at the base configuration pop-up. Name the configuration as you see fit and then hit Tab to enter your domain controller's DNS name or IP address.
  4. Then click the dropdown for LDAP mappings and select Active Directory. You will then have to enter the search base suffix. Use the DNS domain name for this, but written as an LDAP search base with one DC= component per label. In my example of east.microsoft.com, it would turn into:
    DC=east,DC=microsoft,DC=com
  5. Click OK to exit both menus and quit out of Directory Access.
My final recommendation is to then go into System Preferences and select the Accounts applet. From there, authenticate with your administrative credentials and click "Login Options" at the bottom left. Then select the "Name and password" radio button under "Display login window as:" so that you can enter any AD username at the login screen. Log out of the local profile and try logging back in as a domain user. Assuming everything works as expected, you can log in with any domain user account, which will automatically set up a local profile on the Mac.
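As an added example (not part of the original post), the following shell script derives the LDAP search base used in step 4 of the LDAPv3 section from the DNS domain name, and checks that the prerequisite names from the list above (domain and domain controller) actually resolve before you click Bind. The function names, the `host`/`dig` checks and the `_ldap._tcp.dc._msdcs` SRV lookup are my additions; the latter is the standard record Active Directory publishes for its domain controllers.

```shell
#!/bin/sh
# Added example, not from the original post.

# dns_to_basedn east.microsoft.com -> DC=east,DC=microsoft,DC=com
# Lower-cases the name, drops a trailing dot, and rejects empty labels
# (such as "east..com") that would produce an invalid "DC=" component.
dns_to_basedn() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    case "$domain" in
        ''|*..*|.*) return 1 ;;
    esac
    printf '%s' "$domain" | awk -F. '{
        for (i = 1; i <= NF; i++) {
            printf "%sDC=%s", (i > 1 ? "," : ""), $i
        }
        printf "\n"
    }'
}

# preflight_dns DOMAIN DC_HOST: confirms the names from the prerequisite
# list resolve and that the domain advertises LDAP SRV records for its
# domain controllers. Needs network access; run it before the Bind step.
preflight_dns() {
    domain=$1
    dc=$2
    host "$dc" >/dev/null 2>&1 || {
        echo "domain controller $dc does not resolve" >&2
        return 1
    }
    srv=$(dig +short SRV "_ldap._tcp.dc._msdcs.$domain")
    [ -n "$srv" ] || {
        echo "no LDAP SRV records published for $domain" >&2
        return 1
    }
    base=$(dns_to_basedn "$domain") || {
        echo "invalid domain name: $domain" >&2
        return 1
    }
    printf 'LDAP search base: %s\nDomain controllers advertised:\n%s\n' \
        "$base" "$srv"
}

# Usage: sh adprecheck.sh east.microsoft.com dc.east.microsoft.com
if [ "$#" -ge 2 ]; then
    preflight_dns "$1" "$2"
fi
```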
