{"id":38780,"date":"2010-11-02T15:23:52","date_gmt":"2010-11-02T19:23:52","guid":{"rendered":"http:\/\/www.bu.edu\/tech\/?page_id=38780"},"modified":"2022-05-11T13:11:34","modified_gmt":"2022-05-11T17:11:34","slug":"mac","status":"publish","type":"page","link":"https:\/\/www.bu.edu\/tech\/services\/security\/iam\/directory\/ad\/mac\/","title":{"rendered":"Joining macOS Devices to AD"},"content":{"rendered":"<p>This page provides basic instructions for integrating a <span>macOS 10.6 Snow Leopard<\/span> or newer computer with Active Directory, allowing the use of AD credentials to log in. These instructions require AD administrative accounts, so must be used by OU administrators.<\/p>\n<h3>Bind the computer to AD<\/h3>\n<ol>\n<li>Open <strong>Applications<\/strong> &gt; <strong>System Preferences.<\/strong><\/li>\n<li>Click on the <strong>Users &#038; Groups (Accounts on older versions)<\/strong> preference pane.<\/li>\n<li>Click\u00a0<strong>Login Options<\/strong> located in the left column.<\/li>\n<li>Click <strong>Join&#8230;<\/strong><\/li>\n<li>Enter <strong>ad.bu.edu<\/strong> as the <strong>Server<\/strong>. Snow Leopard (or newer operating systems) will automatically determine the type of server from the address you enter. The <strong>Client Computer ID<\/strong> will be based on the name in the Mac&#8217;s Sharing settings.<\/li>\n<li>The <strong>AD Admin User<\/strong> and <strong>AD Admin Password<\/strong> fields should be the AD credentials of a departmental OU administrator.<\/li>\n<li>Click <strong>OK <\/strong>and wait for the bind to complete.<\/li>\n<\/ol>\n<h3>Configure<\/h3>\n<ol>\n<li>Once the progress indicator has disappeared, click on the\u00a0<strong>Edit&#8230; <\/strong>button in the <strong>Users &#038; Groups\/Accounts<\/strong> pane.<\/li>\n<li>Click<strong> Open Directory Utility&#8230;<\/strong><\/li>\n<li><strong>Authenticate <\/strong>to make changes.<\/li>\n<li>Double-click <strong>Active Directory<\/strong>.<\/li>\n<li>Click on the triangle next to <strong>Show Options\/Show Advanced Settings<\/strong> to expand the window.<\/li>\n<li>Select the <strong>User Experience <\/strong>tab.<\/li>\n<li>Check <strong>Create mobile account<\/strong> for systems that will not have an always-on network connection. For instance, this would be appropriate for laptops that may be used while not connected to a network. If you do select this option, it is best to uncheck <strong>Require confirmation before creating a mobile account<\/strong> option as the message it produces can be a bit confusing.<\/li>\n<li>Uncheck <strong>Use UNC path from Active Directory.<\/strong><\/li>\n<li><strong><\/strong>Make sure <strong>Force local home<\/strong> is checked (This will already default on when using mobile accounts).<\/li>\n<li>You may also optionally configure the default user shell by leaving the default value or by adding \/usr\/bin\/false, which disables shell access for AD users.<\/li>\n<li>Once all of your Directory Utility settings are as you would like them, accept and close all windows until you are back to the <strong>Users &#038; Groups\/Accounts<\/strong> pane. On this screen, change the <strong>Display login window as<\/strong> option to <strong>Name and Password.<\/strong><\/li>\n<\/ol>\n<p>The steps above should allow authentication using AD credentials, when on a BU network. Restart the computer and try logging in with an AD account. <strong>No<\/strong> AD prefix or @bu.edu suffix are required for the username value.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This page provides basic instructions for integrating a macOS 10.6 Snow Leopard or newer computer with Active Directory, allowing the use of AD credentials to log in. These instructions require AD administrative accounts, so must be used by OU administrators. Bind the computer to AD Open Applications &gt; System Preferences. Click on the Users &#038;&#8230;<\/p>\n","protected":false},"author":1303,"featured_media":0,"parent":1191,"menu_order":6,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/38780"}],"collection":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/users\/1303"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/comments?post=38780"}],"version-history":[{"count":26,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/38780\/revisions"}],"predecessor-version":[{"id":119250,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/38780\/revisions\/119250"}],"up":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/1191"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/media?parent=38780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}