Macintosh on AD

Macintosh OS X versions 10.3 and later have AD plug-ins available; however, some versions of the OS have had bugs. Panther 10.3.8 and Tiger 10.4.x have been tested and are known to work.

Please note that one of the above approved Mac OS X versions is required, and machine accounts must be pre-staged in Active Directory by a designated OU Administrator before the system can be joined to the domain. Please also note that if a user other than an OU Administrator will be joining the system to Active Directory, that user, or a group containing that user, must be given permission to join the system to Active Directory.

Join your computer to the AD

  1. Open the Directory Access application.
  2. Select "Active Directory" and click the "Configure..." button.
  3. Enter ad.uiuc.edu in both the Forest and Domain fields.
  4. Enter the name of the machine account that has been pre-staged in AD in the "Computer ID" field.
  5. Click the down arrow to the left of "Show Advanced Options."
  6. Check the "Cache last user logon for offline operation" box.
    While this configuration is optional, it is strongly recommended for laptops and is useful for desktop computer users in the rare instance that the network is unavailable.
  7. Click the up arrow to the left of "Hide Advanced Options."
  8. Click the "Bind..." button.
  9. Type your NetID in the Username field and your AD password in the Password field.
  10. Leave the default value in the Computer OU field.
  11. Click OK.
  12. Click "OK" on the "Join existing account?" dialog box.

Note: If you get an error regarding insufficient privileges, make sure you pre-staged your account correctly. A common mistake is to fail to specify a group or user who will have the permission to join the account to the domain.

Add AD to Authentication Path

  1. Select the "Authentication" tab.
  2. In the "Search:" dropdown list, choose "Custom path," then click the "Add..." button.
  3. Select "/Active Directory/ad.uiuc.edu," and click "Add."
  4. Click the "Apply" button.

Any AD user should now be able to authenticate to the machine.