Difference between revisions of "Add or Remove Mac from Active Directory"
Jump to navigation
Jump to search
(Created page with "There are two ways to add a Mac to Active Directory. The results are the same. Before proceeding make sure the Mac is connected to your network either via Ethernet or wireless...") |
|||
| Line 1: | Line 1: | ||
There are two ways to add a Mac to Active Directory. The results are the same. Before proceeding make sure the Mac is connected to your network either via Ethernet or wireless. Macs can establish wireless connections at the login screen which is helpful for devices such as the MacBook Air that do not have Ethernet ports. | There are two ways to add a Mac to Active Directory. The results are the same. Before proceeding make sure the Mac is connected to your network either via Ethernet or wireless. Macs can establish wireless connections at the login screen which is helpful for devices such as the MacBook Air that do not have Ethernet ports. | ||
| − | + | __FORCETOC__ | |
== Open Directory Utility == | == Open Directory Utility == | ||
#Click on Apple in top left corner and click on System Preferences. | #Click on Apple in top left corner and click on System Preferences. | ||
| Line 8: | Line 8: | ||
#Where it says Network Account Server, click on the button '''Join...''' | #Where it says Network Account Server, click on the button '''Join...''' | ||
#Click on '''Open Directory Utility...''' | #Click on '''Open Directory Utility...''' | ||
| + | #Double click on '''Active Directory'''. Note, you may click on the lock in the bottom left corner to unlock and make edits. | ||
Or alternatively... | Or alternatively... | ||
| Line 17: | Line 18: | ||
#Open '''Core Services''' folder | #Open '''Core Services''' folder | ||
#Open '''Directory Utility.app''' | #Open '''Directory Utility.app''' | ||
| + | #Double click on '''Active Directory'''. Note, you may click on the lock in the bottom left corner to unlock and make edits. | ||
== Add Mac to Active Directory using Directory Utility == | == Add Mac to Active Directory using Directory Utility == | ||
| Line 31: | Line 33: | ||
#Check '''Require confirmation before creating a mobile account'''. Otherwise you may see a prompt when you login with your AD credentials for the first time to create a mobile account folder which should be answered with '''Yes'''. And if given the option select '''Do not ask me again'''. | #Check '''Require confirmation before creating a mobile account'''. Otherwise you may see a prompt when you login with your AD credentials for the first time to create a mobile account folder which should be answered with '''Yes'''. And if given the option select '''Do not ask me again'''. | ||
#If you are not using network homes, then uncheck '''Use UNC path from Active Directory to derive network home location''' | #If you are not using network homes, then uncheck '''Use UNC path from Active Directory to derive network home location''' | ||
| − | #If you want to make an AD group | + | #If you want to make an AD group administrators on the computer, click the '''Administrative''' tab. |
##Make sure '''Allow administration by:''' is checked. | ##Make sure '''Allow administration by:''' is checked. | ||
##Click on the plus sign and type ''enter AD group name'' to allow AD group to be administrators on the machine. | ##Click on the plus sign and type ''enter AD group name'' to allow AD group to be administrators on the machine. | ||
| Line 40: | Line 42: | ||
##'''First method''': in reverse name format, type out the Organizational Unit (OU) the machine is going to be added to. For example: '''OU=MacOSX,OU=Computers,DC=company,DC=com'''. You will most likely need to remote into a PC machine and look at the Active Directory hierarchy for the domain to see the structure of OUs using Active Directory Users and Computers if you cannot remember the hierarchy. Please notice the use of commas and OU= which is important otherwise this may fail.<br />OU stands for Organizational Unit and DC stands for Domain Controller. CN stands for Class Name. | ##'''First method''': in reverse name format, type out the Organizational Unit (OU) the machine is going to be added to. For example: '''OU=MacOSX,OU=Computers,DC=company,DC=com'''. You will most likely need to remote into a PC machine and look at the Active Directory hierarchy for the domain to see the structure of OUs using Active Directory Users and Computers if you cannot remember the hierarchy. Please notice the use of commas and OU= which is important otherwise this may fail.<br />OU stands for Organizational Unit and DC stands for Domain Controller. CN stands for Class Name. | ||
##'''Second method''': leave '''Computer OU:''' as is which should be '''CN=Computers,DC=company,DC=com'''. Instead remote into a PC with Active Directory Users and Computers. Go to the proper OU where the Mac will go and right-click the OU and select '''New -> Computer'''. Enter the Computer Name which needs to match the Computer ID filled out earlier. On the Mac, in Directory Utility you should now be able to click '''Bind'''.<br />OU stands for Organizational Unit. DC stands for Domain Controller. CN stands for Class Name.<br /><br />If you will used the second method of adding a Mac to Active Directory, you will see the following message:<br /><blockquote>''Join existing account?<br />The account information you entered specifies an account that already exists. Do you wish to join this computer to the existing computer account? This operation cannot be undone.''</blockquote>Please click '''OK'''. This is the Mac telling you that you will be overwriting a computer account in Active Directory which is fine and should not cause any problems. | ##'''Second method''': leave '''Computer OU:''' as is which should be '''CN=Computers,DC=company,DC=com'''. Instead remote into a PC with Active Directory Users and Computers. Go to the proper OU where the Mac will go and right-click the OU and select '''New -> Computer'''. Enter the Computer Name which needs to match the Computer ID filled out earlier. On the Mac, in Directory Utility you should now be able to click '''Bind'''.<br />OU stands for Organizational Unit. DC stands for Domain Controller. CN stands for Class Name.<br /><br />If you will used the second method of adding a Mac to Active Directory, you will see the following message:<br /><blockquote>''Join existing account?<br />The account information you entered specifies an account that already exists. Do you wish to join this computer to the existing computer account? This operation cannot be undone.''</blockquote>Please click '''OK'''. This is the Mac telling you that you will be overwriting a computer account in Active Directory which is fine and should not cause any problems. | ||
| + | #Select OK. | ||
| + | |||
| + | == Remove Mac from Active Directory using Directory Utility == | ||
| + | It is possible to remove a machine from Active Directory from within Mac OS X. This assumes the machine is on AD domain. | ||
| + | |||
| + | #First, you will need to open [[#Open Directory Utility|Directory Utility]]. | ||
| + | #Make sure the lock in the bottom left corner of the window is in an unlocked position. | ||
| + | #You will see three tabs: '''Services''' '''Search Policy''' '''Directory Editor'''. By default you will be under the '''Services''' tab. If not, please click '''Services'''. | ||
| + | #Double click on '''Active Directory'''. | ||
| + | #Click on the '''Unbind...''' button. | ||
| + | #Enter your AD username in the '''Username:''' text field | ||
| + | #Enter your AD password in the '''Password:''' text field | ||
#Select OK. | #Select OK. | ||
[[Category:Guides]] | [[Category:Guides]] | ||
Revision as of 19:24, 27 May 2013
There are two ways to add a Mac to Active Directory. The results are the same. Before proceeding make sure the Mac is connected to your network either via Ethernet or wireless. Macs can establish wireless connections at the login screen which is helpful for devices such as the MacBook Air that do not have Ethernet ports.
Contents
Open Directory Utility
- Click on Apple in top left corner and click on System Preferences.
- Click on Users & Groups.
- Make sure the lock in the bottom left corner of the window is in an unlocked position.
- Click on Login Options.
- Where it says Network Account Server, click on the button Join...
- Click on Open Directory Utility...
- Double click on Active Directory. Note, you may click on the lock in the bottom left corner to unlock and make edits.
Or alternatively...
- Open Finder.
- Click on Go menu and then Go to folder...
- Type /System
- Open Library folder
- Open Core Services folder
- Open Directory Utility.app
- Double click on Active Directory. Note, you may click on the lock in the bottom left corner to unlock and make edits.
Add Mac to Active Directory using Directory Utility
- Make sure the lock in the bottom left corner of the window is in an unlocked position.
- You will see three tabs: Services Search Policy Directory Editor. By default you will be under the Services tab. If not, please click Services.
- Double click on Active Directory.
- Enter the following information:
- Leave Active Directory Forest alone.
- Active Directory Domain: enter your domain name (i.e. company.com for purposes of this guide)
- Computer ID: enter computer name
- Click on arrow next to Show Advanced Options.
- Click the User Experience tab. This should be the default tab you see anyways.
- Check Create mobile account at login
- Check Require confirmation before creating a mobile account. Otherwise you may see a prompt when you login with your AD credentials for the first time to create a mobile account folder which should be answered with Yes. And if given the option select Do not ask me again.
- If you are not using network homes, then uncheck Use UNC path from Active Directory to derive network home location
- If you want to make an AD group administrators on the computer, click the Administrative tab.
- Make sure Allow administration by: is checked.
- Click on the plus sign and type enter AD group name to allow AD group to be administrators on the machine.
- Click on the Bind... button.
- Enter your AD username in the Username: text field
- Enter your AD password in the Password: text field
- The next step requires you to fill out Computer OU: which can be handled one of two ways
- First method: in reverse name format, type out the Organizational Unit (OU) the machine is going to be added to. For example: OU=MacOSX,OU=Computers,DC=company,DC=com. You will most likely need to remote into a PC machine and look at the Active Directory hierarchy for the domain to see the structure of OUs using Active Directory Users and Computers if you cannot remember the hierarchy. Please notice the use of commas and OU= which is important otherwise this may fail.
OU stands for Organizational Unit and DC stands for Domain Controller. CN stands for Class Name. - Second method: leave Computer OU: as is which should be CN=Computers,DC=company,DC=com. Instead remote into a PC with Active Directory Users and Computers. Go to the proper OU where the Mac will go and right-click the OU and select New -> Computer. Enter the Computer Name which needs to match the Computer ID filled out earlier. On the Mac, in Directory Utility you should now be able to click Bind.
OU stands for Organizational Unit. DC stands for Domain Controller. CN stands for Class Name.
If you will used the second method of adding a Mac to Active Directory, you will see the following message:
Please click OK. This is the Mac telling you that you will be overwriting a computer account in Active Directory which is fine and should not cause any problems.Join existing account?
The account information you entered specifies an account that already exists. Do you wish to join this computer to the existing computer account? This operation cannot be undone.
- First method: in reverse name format, type out the Organizational Unit (OU) the machine is going to be added to. For example: OU=MacOSX,OU=Computers,DC=company,DC=com. You will most likely need to remote into a PC machine and look at the Active Directory hierarchy for the domain to see the structure of OUs using Active Directory Users and Computers if you cannot remember the hierarchy. Please notice the use of commas and OU= which is important otherwise this may fail.
- Select OK.
Remove Mac from Active Directory using Directory Utility
It is possible to remove a machine from Active Directory from within Mac OS X. This assumes the machine is on AD domain.
- First, you will need to open Directory Utility.
- Make sure the lock in the bottom left corner of the window is in an unlocked position.
- You will see three tabs: Services Search Policy Directory Editor. By default you will be under the Services tab. If not, please click Services.
- Double click on Active Directory.
- Click on the Unbind... button.
- Enter your AD username in the Username: text field
- Enter your AD password in the Password: text field
- Select OK.
