I've seen a lot of people asking how to set up Active Directory (AD), so I thought I'd post my setup, which works. This assumes you have a working AD tree, properly configured DNS, and an account that can add computer objects to AD. Here's what the plug-in configuration looks like in Directory Access (located in /Applications -> Utilities):
- Active Directory Forest: forest.company.net
- Active Directory Domain: mydomain.forest.company.net
- ComputerID: mycomputer
You can make the forest the same as the domain if your users don't need to access resources outside the domain. I found this also speeds up authentication in some cases. When you click on Bind..., you have to enter the username and password of an account that has rights to add computers. The format is just:
username
password
Advanced Settings:
- Turn on the account cache if the computer will be used offline.
- Turn on multiple domains if users need to access multiple domains.
- If you have more than one domain controller, you can specify the one you want to use: pdc.mydomain.forest.company.net
- Map a UID: If you don't know what this is, leave it alone.
- Allow administration by: you can put an AD group name here, and anyone in that group is added to the local admin group in NetInfo.
Select OK, quit Directory Access, reboot.
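The same settings can be scripted. The following is an added example, not part of the original post: it uses the `dsconfigad` command-line tool with the flag syntax of current macOS releases rather than the Directory Access GUI, and checks the computer ID and preferred domain controller before binding. The bind account `username` and domain names are the post's placeholders, the group name `mac-admins` is hypothetical, and mapping the "account cache" setting to `-mobile` is an assumption.

```shell
#!/bin/sh
# Added example: the post's Directory Access settings as dsconfigad calls.
# Dry run by default; set APPLY=1 and run as root to actually bind.
APPLY="${APPLY:-0}"
DOMAIN="mydomain.forest.company.net"            # placeholder from the post
COMPUTER_ID="mycomputer"                        # placeholder from the post
PREFERRED_DC="pdc.mydomain.forest.company.net"  # placeholder from the post
BIND_USER="username"                            # account allowed to add computers
ADMIN_GROUP="mac-admins"                        # hypothetical AD group name

# AD computer names are limited to 15 characters; accept letters, digits, hyphen.
valid_computer_id() {
    case "$1" in
        ""|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# The preferred domain controller must be a host inside the bound domain.
dc_in_domain() {
    case "$1" in
        *."$2") return 0 ;;
        *) return 1 ;;
    esac
}

# Print the command in dry-run mode, execute it when APPLY=1.
run() {
    if [ "$APPLY" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

bind_mac() {
    valid_computer_id "$COMPUTER_ID" || return 1
    dc_in_domain "$PREFERRED_DC" "$DOMAIN" || return 1
    # No -password argument: dsconfigad prompts for it, which keeps the
    # credential out of shell history and the process list.
    run dsconfigad -add "$DOMAIN" -computer "$COMPUTER_ID" \
        -username "$BIND_USER" -preferred "$PREFERRED_DC"
}

set_options() {
    # -groups grants local admin rights to every member of the listed AD
    # groups, so name a dedicated, tightly controlled group.
    run dsconfigad -mobile enable -alldomains enable -groups "$ADMIN_GROUP"
}

bind_mac && set_options
```

After a real run, `dsconfigad -show` prints the resulting configuration, including the groups that were granted administration rights.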