WHY JOIN YOUR MACINTOSH TO A WINDOWS DOMAIN?
- Allows for auto-mounting of your networked home directory.
- More Kerberos security.
- Simplifies access to other EECS Windows resources.
BEFORE YOU JOIN THE DOMAIN:
- Please make sure your system is compliant with minimum campus security standards. In particular, make sure that your system has all updates applied from Software Update.
- When registering your system be sure to select “Yes” when asked to join the EECS domain.
- If local accounts are present on the host, please confirm they have unique names.
If you already have a local account with the same name as your EECS Windows user name, you will need to follow other instructions to join your host to the domain.
TO JOIN THE DOMAIN:
- Log in to your host (you will need administrator privileges to perform these tasks). Make sure you have a successful network connection, so that you can communicate with our domain controllers.
- Open the “Directory Utility” application in /System/Library/CoreServices/
- In “Directory Utility,” click the lock to make changes, and authenticate as a local administrator. Check the box next to “Active Directory” and click the little pencil icon to edit/configure the service.
- In the configuration window that opens, enter eecs.berkeley.edu for the Active Directory Domain and your Windows system name for the Computer ID. Click Show Advanced Options.
- Fill in “User Experience” as you see below (suggested, but optional).
- Fill in “Administrative” as you see below (suggested, but optional). Use the +and – buttons to add or remove administrators. Editing an existing Administrator is not possible. You must remove that user first, and then re-add. When you are done, click Bind.
- The “Network Administrator Required” window will open, fill in the information upon request. You will need a Windows username and password that has privilege to join this object to the EECS Windows Domain. You must also supply the DN of the OU the object is in. Click OK when the information is supplied and you will see the bind steps 1–5 start to process.
- During the bind process, in step 4, you should see the message below, click OK to agree.
- If you are successful in binding to the EECS Windows Domain, steps 1–5 will be complete and the “Bind” button will changes to “Unbind.” Click OK to leave “Configuration” and return to “Directory Utility”. This will also hide “Advanced Options.”
- To complete access check the “Authentication” and “Contacts” categories by clicking the “Search Policy” icon at the top. If /Active Directory/All Domains is not present in both, click Add to add them. Any changes made to “Directory Utility” have to be applied; to apply changes click Apply.
- Quit “Directory Utility”.
Your Apple host is now an EECS Windows domain member. Log out and log back in using your EECS Windows username and password. Your home directory should mount automatcially.