This page provides basic instructions for integrating a macOS 10.6 Snow Leopard or newer computer with Active Directory, allowing the use of AD credentials to log in. These instructions require AD administrative accounts, so they must be carried out by OU administrators.

Bind the computer to AD

  1. Open Applications > System Preferences.
  2. Click on the Users & Groups (Accounts on older versions) preference pane.
  3. Click Login Options located in the left column.
  4. Click Join…
  5. Enter ad.bu.edu as the Server. Snow Leopard (or newer operating systems) will automatically determine the type of server from the address you enter. The Client Computer ID will be based on the name in the Mac’s Sharing settings.
  6. The AD Admin User and AD Admin Password fields should be the AD credentials of a departmental OU administrator.
  7. Click OK and wait for the bind to complete.

Configure

  1. Once the progress indicator has disappeared, click on the Edit… button in the Users & Groups/Accounts pane.
  2. Click Open Directory Utility…
  3. Authenticate to make changes.
  4. Double-click Active Directory.
  5. Click on the triangle next to Show Options/Show Advanced Settings to expand the window.
  6. Select the User Experience tab.
  7. Check Create mobile account on systems that will not have an always-on network connection; for instance, laptops that may be used while not connected to a network. If you do select this option, it is best to uncheck the Require confirmation before creating a mobile account option, as the message it produces can be a bit confusing.
  8. Uncheck Use UNC path from Active Directory.
  9. Make sure Force local home is checked (this is already on by default when using mobile accounts).
  10. You may also optionally configure the default user shell, either leaving the default value or entering /usr/bin/false, which disables shell access for AD users.
  11. Once all of your Directory Utility settings are as you would like them, accept and close all windows until you are back to the Users & Groups/Accounts pane. On this screen, change the Display login window as option to Name and Password.

The steps above should allow authentication using AD credentials when on a BU network. Restart the computer and try logging in with an AD account. No AD prefix or @bu.edu suffix is required for the username value.
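
The bind and the User Experience settings chosen above can also be checked from Terminal by reading the output of `dsconfigad -show`. The script below is an added example, not part of the original instructions: the function names are hypothetical, and it assumes the `label = value` layout and setting labels shown in its constructed sample, so compare them with what your macOS version prints.

```sh
#!/bin/sh
# Added example. Constructed sample; assumes the "label = value" layout of dsconfigad -show.
SAMPLE_SHOW_OUTPUT='Active Directory Forest          = ad.bu.edu
Active Directory Domain          = ad.bu.edu
Computer Account                 = example-mac$

Advanced Options - User Experience
  Create mobile account at login = Enabled
     Require confirmation        = Disabled
  Force home to startup disk     = Enabled
  Use Windows UNC path for home  = Disabled
  Default user Shell             = /usr/bin/false'

# get_setting LABEL: print the value of LABEL from the text on stdin.
get_setting() {
    awk -F' = ' -v key="$1" '
        { label = $1; gsub(/^[ \t]+|[ \t]+$/, "", label) }
        label == key { print $2; exit }'
}

# audit_ad_binding TEXT [laptop|desktop]: one line per check, returns the failure count.
# Mobile-account checks apply only to the laptop profile (no always-on network).
audit_ad_binding() {
    show_output=$1
    checks='Active Directory Domain|ad.bu.edu
Force home to startup disk|Enabled
Use Windows UNC path for home|Disabled'
    if [ "${2:-desktop}" = laptop ]; then
        checks="$checks
Create mobile account at login|Enabled
Require confirmation|Disabled"
    fi
    failures=0
    while IFS='|' read -r label expected; do
        actual=$(printf '%s\n' "$show_output" | get_setting "$label")
        if [ "$actual" = "$expected" ]; then
            echo "OK   $label = $actual"
        else
            echo "FAIL $label = ${actual:-<missing>} (expected $expected)"
            failures=$((failures + 1))
        fi
    done <<EOF
$checks
EOF
    return "$failures"
}

# On a bound Mac, pass "$(dsconfigad -show)" instead of the sample.
audit_ad_binding "$SAMPLE_SHOW_OUTPUT" laptop
```

A non-zero exit status is the number of settings that differ from the choices in the Configure steps, which makes the check usable from a management script.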