Active Directory/Documentation/Joining Macs to WolfTech Domain
(10:58:05 AM) Billy: I wrote this for our helpdesk:

Adding Macs to Wolftech

Notes:
* Anyone in the domain (read: Entire University) can log in if you follow this procedure.
* Network is required for authentication unless you create a "mobile account" (see below).
* All domain users will have restricted rights on the box unless added to the administration list (see below).

To add a Mac running OS 10.6 Snow Leopard to the Wolftech Domain:
1. Log in as a local admin
2. Open System Preferences>Users>Login Options
3. Beside Network Account Server, click the Join... button.
4. Click Open Directory Utility.
5. Click the Lock icon to Authenticate and then click Active Directory and then the Edit button (Looks like a button with a pencil in the center) in the bottom left corner.
6. In the Active Directory Domain Field enter: wolftech.ad.ncsu.edu
7. In the Computer ID field enter your Computer's name. If you don't know it, open System Preferences and click on Sharing.
8. Click the Bind button and enter your unityid.admin account and password then click OK.
9. Move the AD object from the Computers container to the appropriate OU using "Active Directory Users and Computers" from a Windows box using your .admin account.

To add a Mac running OS 10.5 Leopard to the Wolftech Domain:
1. Log in as a local admin
2. Finder->/Applications/Utilities/Directory Utility
3. Click the +
4. Change the menu to "Active Directory"
5. Active Directory Domain: wolftech.ad.ncsu.edu
6. Computer ID: <whatever the hostname is>
7. Use your Wolftech unityid.admin account and password
8. OK
9. Move the AD object from the Computers container to the appropriate OU using "Active Directory Users and Computers" from a Windows box using your .admin account.

To be able to administer an OS 10.5 Mac using a domain account:

Note: Macs make use of the "Primary Group" attribute. Each account must have the "Primary Group" set to the group listed below for it to work. All .admin accounts in the COEDEAN OU in Wolftech have this set currently. If we add/change people, the settings will have to be set on the account. This process cannot be done for generic unity accounts, so all end users must be added individually.

1. Click the "Services" icon from the top bar of the Directory Utility
2. Click "Active Directory" from the list (the box should be checked)
3. Click the Pencil
4. Show Advanced Settings
5. Click Administrative
6. Check the "Allow Administration By" checkbox
7. Add WOLFTECH\<OU>-Computer Admins and WOLFTECH\<OU>-OU-Admins to the list
8. Add WOLFTECH\unityid of the primary user to the list

To access Windows Network Drives:

As of 10.5.5, Macs can't follow DFS links so you have to use the servername. This info can be found on a Windows box by right clicking on a DFS path, selecting Properties, and selecting the DFS tab.

1. Open Finder
2. Click "Go" from the top menu
3. Select Connect to Server:
4. Enter "smb://servername/sharename"

Cached Credentials for Laptops:
1. Once the user has logged in, open "System Preferences"
2. Click on the user account
3. Click the Mobile Account: Create button

(10:58:44 AM) Billy: The "Primary Group" note isn't correct anymore. Any Mac computer object can now read the appropriate attributes.