Wednesday, September 7, 2016

Adding Mac to Windows Domain

Joining Active Directory
By default, you will have to enter your domain username and password every time you access a server resource that is not currently connected to the Mac (for example, right after bootup, after a share has been “ejected”, or if a network problem drops the connection to the server). By joining the Macintosh to Active Directory, you can log into the Mac with your Active Directory user credentials and not have to enter them every time you access a shared resource. To be able to log in to the Mac with Active Directory credentials, follow these steps.
  1. From the Utilities folder in the Applications folder, open the Directory Utility application.
  2. Once the application opens and finishes the process of detecting directory servers on the network, click the Show Advanced Settings button.
  3. When the Advanced Settings appear, click the Services icon.
  4. Click the lock to get access to the panel. You will be prompted for credentials. Enter your Macintosh username and password, then click OK.
  5. Double-click on the Active Directory line to open the Active Directory configuration.
  6. Click on the Show Advanced Options triangle.
  7. Enter the internal domain name in the Active Directory Domain field.
  8. Change the name of the Mac to a shorter name in the Computer ID field.
  9. Turn on the Create mobile account at login checkbox.
  10. Select the Administrative tab.
  11. Turn on the Prefer this domain server checkbox and enter the fully-qualified domain name of the SBS server (for example, servername.domainname.local).
  12. Turn on the Allow administration by checkbox.
  13. Click Bind to join the Macintosh to the domain.
  14. Enter the domain administrator username and password when prompted. The Macintosh will be placed in the Computers container by default. This can be changed in Active Directory later if needed.
  15. Once the join process is complete, you will see both the Active Directory Forest and Active Directory Domain fields populated.
  16. Confirm that the Active Directory checkbox is enabled in Directory Utility and close the application.
  17. Open System Preferences and click the Accounts icon.
  18. Click the lock to make changes and enter the password for the local Mac account.
  19. Click on the Login Options icon in the navigation tree.
  20. Set Automatic Login to Disabled.
  21. Close System Preferences.
  22. Log out of the Mac account by selecting Log Out from the Apple menu. You do not need to restart the Mac to be able to log in with your Active Directory credentials.
  23. When you get the login screen, click Other.
  24. Enter your Active Directory credentials as domainname\username.
  25. You will be prompted to create a mobile account. Click Create Now.
  26. Once login completes, open System Preferences and open the Accounts pane.
  27. Click the lock to make changes.
  28. When you are prompted to enter administrator credentials, you will need to enter information for the local Macintosh account. You will need to enter the short name as the account name. If you are not sure what the short name is, log back in as the Mac user and look for the name of the home folder. The home folder is named with the short name of the account.
  29. After you enter the authentication information, turn on the Allow user to administer this computer checkbox.
  30. You will get a message that you need to log out and log back in for the settings to take effect. Click OK.
  31. Log out and log back in with the Active Directory credentials.
  32. Open a new Finder window and select the server name in the Shared section of the navigation tree. All of the shares on the server will appear and can be selected from here. You can also use the Connect to Server method described earlier in this document to connect. The difference is that you will not be prompted to enter a username and password when you enter the network resource you wish to use.
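
To confirm from Terminal that the bind ended up with the settings chosen in steps 9, 11, 12 and 15, the script below audits the output of `dsconfigad -show`. It is an added example, not part of the original post; the function names are hypothetical, the sample output and the names example.local, sbs01 and mac01 are constructed placeholders, and the "Label = value" layout of the output is an assumption.

```shell
#!/bin/sh
# Added example: audit an Active Directory bind against steps 9, 11, 12 and 15.
# Assumption: `dsconfigad -show` prints "Label = value" lines as in SAMPLE_SHOW.

# Constructed sample (example.local, sbs01 and mac01 are placeholders).
# Step 12 was skipped here, so "Allowed admin groups" is still "not set".
SAMPLE_SHOW='Active Directory Forest          = example.local
Active Directory Domain          = example.local
Computer Account                 = mac01$
  Create mobile account at login = Enabled
  Preferred Domain controller    = sbs01.example.local
  Allowed admin groups           = not set'

# ad_field LABEL: read `dsconfigad -show` text on stdin, print LABEL's value.
ad_field() {
    awk -F' = ' -v key="$1" '
        { label = $1; gsub(/^[ \t]+|[ \t]+$/, "", label) }
        label == key { val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val); print val; exit }'
}

# check_field LABEL STEP [EXPECTED]: record a finding when LABEL is missing,
# "not set", or differs from EXPECTED. Uses $text and $findings from audit_bind.
check_field() {
    value=$(printf '%s\n' "$text" | ad_field "$1")
    if [ -z "$value" ] || [ "$value" = "not set" ] ||
       { [ -n "${3:-}" ] && [ "$value" != "$3" ]; }; then
        findings="${findings}step $2: $1 is '${value:-missing}'
"
    fi
}

# audit_bind TEXT: print one finding per line; return 0 only when there are none.
audit_bind() {
    text=$1
    findings=""
    check_field "Create mobile account at login" 9 "Enabled"
    check_field "Preferred Domain controller" 11
    check_field "Allowed admin groups" 12
    check_field "Active Directory Forest" 15
    check_field "Active Directory Domain" 15
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# On a bound Mac audit the live settings; elsewhere fall back to the sample.
if command -v dsconfigad >/dev/null 2>&1; then show=$(dsconfigad -show); else show=$SAMPLE_SHOW; fi
if audit_bind "$show"; then echo "bind matches the procedure"; else echo "review the steps listed above"; fi
```
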
