You will need local admin and AD rights to bind. The computer object must be pre-created in AD. During the bind process, you will be prompted several times for your local admin password.
- Open Directory Utility within Macintosh HD -> Applications -> Utilities.
- Click on the Services icon. Verify that the check box next to Active Directory is checked, then click the small pen icon above the lock in the lower left hand corner.
- Type in the domain and computer name that has already been created in Active Directory, then click Bind...
- Type the username and password of the AD account that has domain bind rights. In Computer OU:, type the distinguished name of the OU path that contains the computer object. Example: OU=sstest,OU=Test,OU=Staff,OU=Workstations,OU=SupportCenter,OU=ADCS,OU=OIT,OU=TC,OU=Units,DC=ad,DC=umn,DC=edu
Type in your local admin password if prompted and click OK.
- Click OK. You may get prompted to replace your Kerberos file, which is fine to replace but will cause issues with any other Kerberos configurations that have been manually created.
- Click OK, then verify that the Operating System Name and Version populated in the computer object within the Active Directory Users and Computers console.
NOTE: If you want to support login when no connection to Active Directory is available, check the Create mobile account at login box.
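The same bind from Terminal, as an added example that is not part of the original page: it uses the macOS `dsconfigad` tool, checks that the Computer OU ends in the domain's own DC components before anything is sent to AD, and prints the command for review rather than running it. The domain, computer name, account and OU shown are constructed placeholders, and `domain_to_dn`, `ou_in_domain` and `bind_command` are hypothetical helper names.

```bash
#!/bin/sh
# Added example. All concrete values shown are constructed placeholders.

# ad.example.edu -> DC=ad,DC=example,DC=edu
domain_to_dn() (
    IFS=.
    out=""
    for part in $1; do
        out="${out:+$out,}DC=$part"
    done
    printf '%s\n' "$out"
)

# True only if the container DN sits directly in the given domain:
# it must end with the domain's DC components and carry no extra DC= parts.
ou_in_domain() (
    suffix=$(domain_to_dn "$1" | tr 'A-Z' 'a-z')
    ou=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $ou in
        *dc=*,"$suffix") false ;;   # extra DC= means another (child) domain
        ?*,"$suffix")    true ;;
        *)               false ;;
    esac
)

# Print the dsconfigad command for review instead of running it.
# -password is left out on purpose: dsconfigad then prompts for it, so the
# bind account's password stays out of shell history and process listings.
# $5 = enable|disable maps to "Create mobile account at login".
bind_command() (
    domain=$1 computer=$2 binduser=$3 ou=$4 mobile=${5:-disable}
    if ! ou_in_domain "$domain" "$ou"; then
        echo "Computer OU is not inside $domain: $ou" >&2
        exit 1
    fi
    printf 'dsconfigad -add %s -computer %s -username %s -ou "%s" -mobile %s\n' \
        "$domain" "$computer" "$binduser" "$ou" "$mobile"
)

# Example (placeholders):
#   bind_command ad.example.edu mac-lab-01 binduser \
#       "OU=Test,OU=Workstations,DC=ad,DC=example,DC=edu" enable
```

Run the printed command with sudo as a local admin; afterwards `dsconfigad -show` lists the active binding so it can be compared with the computer object in AD.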
NOTE: When a user's password is changed via www.umn.edu/myaccount, the login keychain for the user will still contain the old password. It will have to be reset or deleted on each computer the user has accessed.
- Open Keychain Access within Applications > Utilities.
- Click on the Show Keychains button, if the keychains are not visible.
- Select the login keychain
- From the Edit menu, select Change Password for Keychain "login".
- Enter the old password and the new password, and click OK.
- You may need to log off and back on for all functionality to work again.