Home » Hardware Security » Laptop Encryption » Is my laptop already on the domain? » Join Mac Laptop to the Domain

Join Mac Laptop to the Domain

Follow the steps in the tutorial to Join your Apple Mac laptop to the University domain

An account must exist on the domain before the laptop can join it. Contact the Service Desk at 210-567-7777, option 1 to have them create the domain account, then proceed with joining the domain. Go to Step 7 to check the system’s computer name for the domain account. When the domain account is created, return here and begin joining the Mac laptop to the domain.

This tutorial can also be viewed in a printer-friendly PDF format.

Step 1

1) Go the Apple Menu and open System Preferences.
Step 2

2) In System Preferences, select “Users and Groups” (if you are running Mac OS X 10.7 Lion) or “Accounts”(if you are running MacOS X 10.6 Snow Leopard or earlier).
Step 3

3) In the resulting pane, click Login Options (see the image above; you may need to click the padlock in the lower left-hand corner and enter your Mac user credentials to unlock the preferences).
Step 4

4) Click the window’s “Show All” button to return to the full System Preferences window.
Step 5

5) In System Preferences”, check to see if the Absolute Manage icon is present.
Step 6

6) Click the Client Information tab and check the version number in the lower right-hand corner. As of June 2012, this should show “(v.2409)”. If your installation was prior to June 2012, review the <a href=”http://ims.uthscsa.edu/information_security/how
Step 7

7) Click the “Show All” button again to return to the full System Preferences menu. Select and open the “Sharing” preferences.

In the Sharing preferences window, your Mac’s “Computer Name:” is shown in the top field.

Note: Active Directory limits computer names on the domain to 15 characters, and does not permit spaces. The current naming convention is “Dept-UTTag”, where Dept is
Step 8

8) Unlock the Sharing preferences, if necessary, by clicking the padlock in the lower left-hand corner. You may need to provide your laptop login credentials.
Step 9

9) Click “Screen Sharing”, click the button next to “Only these users:” (under “Allow access for:”), click the “+” button, and add the Administrators group.
Step 10

10) Click “Remote Login”, click the button next to “Only these users:” (under “Allow access for”), click the “+” button, and add the Administrators group.
Step 11

11) Click the “Show All” button again to return to the full System Preferences window.
Step 12

12) Select and open the “Users & Groups” preferences (for Mac OS X 10.7 “Lion”) or the “Accounts” preferences (for Mac OS X 10.6 “Snow Leopard”).
Step 13

13) Unlock the preferences, if necessary, by clicking on the padlock in the lower left-hand corner. You may need to provide your laptop login credentials.
Step 14

14) Click “Login Options”, then click the “Join…” button next to “Network Account Server:”.
Step 15

15) When the window below appears, click the “Open Directory Utility …” button.
Step 16

16) When the Directory Utility launches, unlock it, if necessary, by clicking the padlock in the lower left-hand corner.

Select the “Services” icon on the top toolbar, the double-click “Active Directory”.
Step 17

17) When the Active Directory pane appears, click the “Advanced Options” expansion arrow to display all settings options, as shown below.
Step 18

18) Enter win.uthscsa.edu in the “Active Directory Domain:” field. In the “Computer ID:” field, make sure the entry matches the Computer Name you created in Step 7. If necessary, change it here so that the values match.

Note: If you will be using SecureDoc to encrypt your Mac laptop, proceed directly to Step 20. If you will be using FileVault 2 to encrypt your Mac laptop, continue on to Step 19.
Step 19

19) Under the User Experience tab, check “Create mobile account at login” and “Require confirmation before creating a mobile account”; this will save the account to the Mac operating system, allowing user to login even if Mac isn’t connected to the domain.
Step 20

20) Check the remaining boxes as shown here.
Step 21

21) Click the Administrative tab, and put a checkmark in the “Allow administration by: box. Click the “+” button, then enter uthscsaAbManAdmins as shown below.
Step 22

22) Click the “Bind …” button to join the Mac laptop to the UTHSCSA domain and Active Directory. NOTE: When the binding operation has been completed successfully, the “Bind …” button will change to an “Unbind …” button.

Click the “OK” button and quit the Directory Utility.
Step 23
23) RESTART YOUR MAC. Note: To log in using your domain account credentials for the first time, you will need a physical (wired) network connection within the university. Subsequent logins can be accomplished wired or wirelessly.

Whenever your domain password is updated or otherwise changes, you can access the domain via VPN to synchronize the password with your mobile account.

Note: By default, the new mobile account you created will be a standard user. To promote it to an administrator account, return to the Users & Groups (or Accounts) screen in System Preferences.

Unlock and authenticate with a valid administrative account.
Step 24

Select your account name and check “Allow user to administer this computer”. This is greyed out in the example because the panel is locked.

Lock the panel when you’ve finished making your changes.

Your MAC laptop has now been joined to the UT Health Science Center San Antonio domain.