Active Directory/Documentation/Joining Macs to WolfTech Domain
(10:58:05 AM) Billy: I wrote this for our helpdesk:
Adding Macs to Wolftech
Notes:
* Anyone in the domain (read: Entire University) can log in if you follow this procedure.
* Network is required for authentication unless you create a "mobile account" (see below).
* All domain users will have restricted rights on the box unless added to the administration list (see below).
To add a Mac to the Wolftech Domain:
1. Log in as a local admin
2. Finder->/Applications/Utilities/Directory Utility
3. Click the +
4. Change the menu to "Active Directory"
5. Active Directory Domain: wolftech.ad.ncsu.edu
6. Computer ID: <whatever the hostname is>
7. Use your Wolftech unityid.admin account and password
8. OK
9. Move the AD object from the Computers container to the appropriate OU using "Active Directory Users and Computers" from a Windows box using your .admin account.
To be able to administer the Mac using a domain account:
Note: Macs make use of the "Primary Group" attribute. Each account must have the "Primary Group" set to the group listed below for it to work. All .admin accounts in the COEDEAN OU in Wolftech have this set currently. If we add/change people, the settings will have to be set on the account. This process cannot be done for generic unity accounts, so all end users must be added individually.
1. Click the "Services" icon from the top bar of the Directory Utility
2. Click "Active Directory" from the list (the box should be checked)
3. Click the Pencil
4. Show Advanced Settings
5. Click Administrative
6. Check the "Allow Administration By" checkbox
7. Add WOLFTECH\<OU>-Computer Admins and WOLFTECH\<OU>-OU-Admins to the list
8. Add WOLFTECH\unityid of the primary user to the list
To access Windows Network Drives:
As of 10.5.5, Macs can't follow DFS links so you have to use the servername. This info can be found on a Windows box by right clicking on a DFS path, selecting Properties, and selecting the DFS tab.
1. Open Finder
2. Click "Go" from the top menu
3. Select Connect to Server:
4. Enter "smb://servername/sharename"
Cached Credentials for Laptops:
1. Once the user has logged in, open "System Preferences"
2. Click on the user account
3. Click the Mobile Account: Create button
(10:58:44 AM) Billy: The "Primary Group" note isn't correct anymore. Any Mac computer object can now read the appropriate attributes.