Active Directory
Introduction
Relution can configure macOS devices so that users can log in with accounts from a Windows domain. The domain controller must be accessible for this.
Prerequisite
The usual requirements for the domain controller apply. The following instructions are based on tests and experience with Windows Server 2019 Standard Edition.
- Domain Controller
- Administrative permissions in the domain
- The macOS device must be able to resolve the FQDN of the domain controller (an entry in the hosts file is not sufficient).
- The macOS device must be able to reach the domain controller
- Computer account in the domain
Configuration of the Active Directory policy
The configuration shown here is only an example and has been tested with macOS 13 and higher.
Add the configuration "Active Directory" in a policy for macOS. Configure at least the following parameters:
Option | Value |
---|---|
Name | Name of configuration |
Active Directory domain to join | Name of the domain (e.g. relution.loc) |
User name of the account for the domain | Username of a domain administrator |
Password of the account for the domain | Password of that user |
Create a mobile account at login | ON |
- Once the policy with this configuration has been applied to the Mac, always restart the Mac to reduce login problems.
When the policy is removed from the Mac, the computer account is also removed in AD.
Possible Errors
- (1) The ‘Directory Binding Account’ payload could not be installed. Attempts to bind to the server ‘rltn.mway’ returned an unspecified problem. (-319)
  - Check whether a computer account with the name of the device exists on the DC.
- (1) The ‘Account for mounting in directories’ payload could not be installed. The server ‘rltn.mway’ was not found or is not responding.
  - Check whether the domain controller can be reached from the Mac. The FQDN must be resolvable.
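
The DNS and reachability checks named in the prerequisites and under Possible Errors can be run in Terminal on the Mac before the policy is applied. The script below is an added example, not part of Relution; it assumes the domain publishes the standard `_ldap._tcp` SRV record and that `dig` and `nc` are available, and its function names are illustrative.

```shell
#!/bin/bash
# Added example (not Relution code): pre-flight check before binding a Mac.
# Usage: ./ad_preflight.sh relution.loc

# Parse `dig +short SRV` output ("prio weight port target.") into "target port".
srv_targets() {
  awk 'NF == 4 && $3 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print $4, $3 }'
}

# Succeed if the name appears in a hosts file (default /etc/hosts).
# A hosts entry can hide missing DNS records, which the bind still needs.
in_hosts_file() {
  name=$1; file=${2:-/etc/hosts}
  awk -v n="$name" 'BEGIN { n = tolower(n) }
    { sub(/#.*/, "") }
    { for (i = 2; i <= NF; i++) if (tolower($i) == n) found = 1 }
    END { exit !found }' "$file"
}

preflight() {
  domain=$1; rc=0
  targets=$(dig +short SRV "_ldap._tcp.$domain" | srv_targets)
  if [ -z "$targets" ]; then
    echo "FAIL: no _ldap._tcp.$domain SRV record in DNS"; return 1
  fi
  while read -r dc port; do
    # dig queries DNS directly and ignores /etc/hosts.
    if [ -z "$(dig +short "$dc" A; dig +short "$dc" AAAA)" ]; then
      echo "FAIL: $dc does not resolve via DNS"; rc=1
      in_hosts_file "$dc" && echo "      ($dc is only in /etc/hosts)"
      continue
    fi
    for p in "$port" 88; do   # LDAP port from the SRV record, plus Kerberos
      if nc -z -w 3 "$dc" "$p" >/dev/null 2>&1; then
        echo "OK:   $dc:$p reachable"
      else
        echo "FAIL: $dc:$p not reachable"; rc=1
      fi
    done
  done <<EOF
$targets
EOF
  return $rc
}

# Run only when a domain is given on the command line.
if [ -n "${1:-}" ]; then preflight "$1"; fi
```

A non-zero exit status means at least one prerequisite is not met; the FAIL lines name the domain controller and port concerned.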