Blog
Welcome to the Trioro Tech Blog.
On this blog we post some of the technical challenges and solutions that we've come across. From time to time we also post comments on new technology that we've come across.

Monday, January 07, 2008

Connecting a Mac to Active Directory

I'm using Leopard (OS X 10.5)...


The following outlines a few obstacles that I ran into while connecting my MacBook Pro to a Windows Small Business Server 2003. The obstacles were:

1. The Mac cannot find the Windows Server by name after connecting the Mac to the same network

2. Setting up Active Directory properly proved to be tricky

3. My existing local Mac admin account had the same username as my Windows account, which really messed things up without warning.

4. Network shares did not appear on the desktop.



Obstacle 1: Windows computer names are not resolving.

I'm not able to use a computer name to access any Windows resources when I start doing the Active Directory configuration. Ping tests from the terminal do not work when using computer names, but using IP addresses is fine.

Solution: You need to add a "Search Domain" to your DNS settings

- Open System Preferences -> Network

- Click the Advanced... button

- go to the DNS tab and add a new Search Domain - use your Active Directory domain (ie: mydomain.local) -- .local in our case because our AD server is not available on the Internet

- click OK

- don't forget to click "Apply" before you close the Network preferences window


Obstacle 2: Connect the Mac to Active Directory.
The main issue here is that the settings have to be very specific.

Solution: Open Directory Utility (Utilities folder).

- start by clicking on Services

- Select Active Directory and click the pencil icon to edit the settings (you probably have to unlock the settings first by clicking the lock icon)

- the Active Directory Domain needs to be the fully qualified domain name for your active directory server. This was tricky for me because we don't have a domain name pointing at this server. This is an AD server on our internal network. In this case you use the Active Directory domain name followed by .local (ie: mydomain.local)

- I changed the Computer ID to something shorter and easier than what was provided by default

- click the Bind... button - at this point you might be prompted for your Mac admin account information to authenticate - this window looks like the standard authentication window you get any time you need admin permissions. This has nothing to do with connecting to Active Directory yet.

- the next window that opens asks for your Active Directory credentials. The important thing here is the username. You have to include your Windows domain information with your username. In this case using the standard \ character to separate domain and username doesn't work! Use the format username@mydomain.local - again - .local - use the fully qualified name.

- See if this works - you'll be shown status - 5 steps in total as it connects to AD server. I had to retry this about 5 times - an unknown error kept happening at Step 5. I tried a few times without changing any of my info. Came back after lunch and tried it one more time and it worked! Go figure.

- check out the settings under the advanced options - some of them are useful options - especially if you're working on a laptop (create a mobile account). It's probably also a good idea to allow domain admins permission to log in as administrators on your Mac.


Obstacle 3: After logging in to the Mac with Active Directory credentials things ran really slowly and I got error messages about user folders that couldn't be created.

Solution: Well, to be honest I didn't solve this problem.  My theory is that there was a conflict between the fact that I already had a local account with the name "scott" and that was the same as my active directory account name.  I'm guessing there was some conflict or confusion when the Mac tried to create user settings with the same account name.

I tried deleting various cache files.  I tried deleting my local account with the same name.  I tried changing the username for my active directory account -- this should have worked, but I think there was some serious corruption that happened at the start of this obstacle.  Googling and googling and googling provided various options, none which fixed this issue.

I reinstalled OS X at this point and started over.  Made sure to create my local account with a different name than my windows account.

I'm now able to login to my Mac with my Active Directory account!
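
The three input mistakes described under Obstacles 2 and 3 (short domain name, DOMAIN\username at the bind prompt, a local account sharing the AD account's name) can be checked before clicking Bind. The function below is an added example, not part of the original post; `ad_preflight`, `lc` and the sample values are hypothetical.

```shell
#!/bin/sh
# Added example; ad_preflight and all sample values are hypothetical.
# Usage: ad_preflight mydomain.local scott@mydomain.local localadmin

lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }   # AD names are case-insensitive

# ad_preflight DOMAIN BIND_USER LOCAL_SHORTNAME
# Prints one line per problem; returns 0 if clean, 1 otherwise.
ad_preflight() {
    domain=$(lc "$1"); bind_user=$(lc "$2"); local_user=$(lc "$3")
    problems=0

    # Obstacle 2: the domain field needs the full name (mydomain.local).
    case $domain in
        *.*) ;;
        *) printf '%s\n' "domain '$domain' is not fully qualified"; problems=1 ;;
    esac

    # Obstacle 2: DOMAIN\user fails at the bind prompt; user@domain works.
    case $bind_user in
        *\\*) printf '%s\n' "use username@$domain, not DOMAIN\\username"; problems=1 ;;
        *@"$domain") ;;
        *) printf '%s\n' "bind user should end in @$domain"; problems=1 ;;
    esac

    # Obstacle 3: local account short name equal to the AD account name.
    ad_short=${bind_user%%@*}     # strip @domain
    ad_short=${ad_short##*\\}     # strip DOMAIN\ prefix
    if [ "$ad_short" = "$local_user" ]; then
        printf '%s\n' "local account '$local_user' has the same name as the AD account"
        problems=1
    fi
    return $problems
}
```

Run it with the values you are about to type into Directory Utility; `whoami` gives the local short name for the third argument.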


Obstacle 4: Network shares did not appear on the desktop

Solution: When I login with my Active Directory user everything works perfectly - including having my networked home directory available automatically.  However, the share to this location was not showing up as an icon on my desktop.  Looks like this is a new Finder feature (sorry, I'm not sure how new since I've just jumped a few OS version numbers here).  The trick is to open the Finder Preferences and check off the option to show network drives on the desktop!
