Adding Macs to Active Directory using Mac OS X 10.3

Adding Macs to Active Directory using Mac OS X 10.3: "Adding Macs to Active Directory using Mac OS X 10.3

2/3/2005


Configuring Directory Access

1. Open the Directory Access application located in /Applications/Utilities/.

2. Click the Padlock buton to authenticate if necessary.

3. Check the box next to Active Directory and click Configure…

4. Enter iastate.edu in the Active Directory Forest and Active Directory Domain fields.

5. Enter a Computer ID that you want to use. A computer object with this ID must be pre-created in Active Directory, which requires Domain Admin rights.

6. Click the Show Advanced Options button.

7. Check the option to “Cache last user logon for offline operation” if needed.

8. Check the option to “Allow Administration by” if you want to allow domain admins or other specified domain users/groups admininstrative rights on this computer. Separate each object with commas. Each domain object listed must be preceded by IASTATE\.

9. Click Bind… You may be asked for a local Admin username and password. Enter this information and click OK.

10. You will then be asked for a Network Administrator username and password. This is simply a domain user with Domain Admin rights. You will also be asked for the Computer OU which is simply the path to the OU that you pre-created your computer object in on Step 5. An example would be CN=workstations,CN=a d p, CN=a d p,CN=vpbus,DC=iastate,DC=edu.Mac OS X 10.3.4 requires you to enter the exact OU, but starting with Mac OS X 10.3.5 you can just leave the default settings and the computer object will be located automatically.

11. You may see the message “Kerberos file already exists”. Click Rename.

12. You will see the message “Join existing account?”. Click OK.

13. Click OK again to get back to the main screen of the Directory Access utility.

14. Click the Authentication tab. Select Custom path fro"