Macs, Active Directory, and Multiple Domains

by Eric Stewart on Feb.05, 2010, under Computers, Networking, Technology

I know – it’s been a while. And there are a lot of posts I’d like to make, but for now we’re taking care of some quick business since I ran into this at work and much of this is a copy and paste from an email to my cohorts there.

For a while now, most of the Macs (workstations, anyway) that I’ve had to deal with I’ve put into Active Directory (in Snow Leopard, this is done through “System Preferences” – “Accounts” – “Login Options” – “Network Account Server” – at this point, I usually tell it to give me the directory utility).

We’re doing some coolio stuff at work with remote access and thin client/app stuff. I got myself added to the test systems the day before yesterday, so I didn’t realize what was going to happen, until this morning.

See, even when a Mac is in AD, you can’t specify which domain to authenticate against. Near as I can tell, by default, it:

Tries to find you in the domain the Mac has been placed in (which, since I’m prepping for centralization, is now not the same domain my account is in).
Failing to do so, if it’s allowed by settings, it then goes through the domains in alphabetical order and matches your username up.

Unfortunately, there’s a domain for this app stuff we’re working on, which alphabetically comes before the domain my account is currently in. So I couldn’t log into my Mac as me this morning (at least not with my usual password and account configuration). So, I scrambled for a workaround …

If you look at the “Directory Utility”, you see by default “Services” (the first one being “Active Directory” and where you go to “Bind” a Mac to a domain as well as configure administrative privileges). The next one is “Search Policy”.

The last thing listed is usually “/Active Directory/All Domains”.

It can take a few tries of “+” to get it to show you an actual list of “Available Directory Domains”, but once it does, you can select a domain to “Add” to the list. Click dragging allows you to reorder the list after you’ve added the domain in question.

Now you know. And knowing is half the battle.

:activedirectory, linkedin, mac

Hi! Did you get all the way down here and not find an answer to your question? The two preferred options for contacting me are:

Twitter: Just start your Twitter message with @BotFodder and I'll respond to it when I see it.
Reply to the post: Register (if you haven't already) on the site, submit your question as a comment to the blog post, and I'll reply as a comment.

You must be logged in to post a comment.

RSS feed for this post (comments) · TrackBack URI

Dad called it
"Running Off At The Mouth."
Welcome to the blog of Eric Stewart. This blog is likely to contain articles involving subjects ranging from SCUBA diving and photography to computers and other technologies, or anything else I want to babble about. When I blog, it tends to be stream of conscious, so there's likely to be occasional tangental paragraphs or glaring grammatical errors (though I often reread the blogs after publishing and always go back and correct the errors I spot ... and occasionally add whole paragraphs). And fair warning: I can sometimes be very free with my language.

Feel free to stay updated by subscribing to the RSS feed.
Recent Posts
Browse by tags
cisco cisco-live sprint linkedin twitter android samsung-epic blackberry palmpre centos cisco-nexus nexus-7700 apple travel iphone mac verizon web google facebook win7 ipv6 nexus-7710 photos dual-booting ubuntu load-balancer network-field-day activedirectory nfd29 ccie cacti pebble iphone5 ipad2 email mysql winxp firefox vmwarefusion brighthouse gmail newegg blogs vista

Categories
- Life
  - Food
  - Home Stuff
- Movies
- Photography
- Politics
- SCUBA
- Technology
- TV

Meta
- Log in
- Valid XHTML

Eric Stewart: Running Off At The Mouth