UW Chief Information Security Officer (CISO)

Like adding a (Windows) computer to a Delegated OU, adding a Mac is a two-step process, which can be performed manually using mainstream tools or automated using whatever methods you prefer. If this is your first time adding a Mac to an OU, first read the 'What you need to know first' section.

Computer account creation

Pre-create a new computer account via Active Directory Users & Computers (ADUC), or your preferred computer account creation tool, in the desired OU within your delegated OU prior to actually joining the Mac to the NETID domain. You will not be able to join the Mac to the NETID domain without first creating the computer account, because you do not have permissions to create computer accounts in the default container of the NETID domain. If you use ADUC to pre-create the account, you can specify which user accounts are allowed to join the Mac that has the same NetBIOS name as the pre-created computer account. When creating the computer account, please use a name within your computer namespace reservation(s).

Join the Mac

The details required to join the Mac depend on the Mac OS version and which Directory plug-in you use.

Active Directory plug-in walkthrough:

Configuration options you'll need to supply/change in that walkthrough:

Active Directory Domain=
Computer OU= e.g.

Prior to Mac OS X v10.3.3, there was no Active Directory plug-in, so you used the LDAPv3 plug-in instead.

Search Base Suffix=dc=netid,dc=washington,dc=edu
Distinguished Name=cn=,ou=uwnetid,dc=netid,dc=washington,dc=edu

Configure Encrypted Session Traffic

While the Mac OS GUI claims it will enable LDAP signing by default, in practice it doesn't. This means that all the traffic between the Mac and AD is unencrypted, in the clear. That's not a good thing, especially when you consider that the user's password is part of that traffic, and at some point the NETID domain will stop accepting unencrypted sessions.

However, there is a solution. If you use Apple's dsconfigad command line tool with the switch "-packetencrypt ssl", you can tell the Mac OS to use LDAPS (i.e. …). This protects the Mac OS client's authentication traffic. This dsconfigad option can be used at the time of Mac computer domain join, or after domain join, to mitigate this issue.

Fix the dnsHostName attribute value

If the dnsHostName value matches *. (that is, it ends in a bare dot), you should fix it to be a value which actually resolves to your Mac computer. Here's an example PowerShell script which would allow you to do that across all the Macs in your OU.

```powershell
# The -Server value was missing from the original; the placeholder must be replaced with your domain name or a domain controller.
$macs = Get-ADComputer -Server "<netid-domain-or-dc>" -LDAPFilter "(&(dnshostname=*.)(operatingSystem=Mac OS X))" -SearchBase "OU=pottery,OU=Delegated,DC=netid,DC=washington,DC=edu"
foreach ($mac in $macs) {
    $dnsHostname = "$($mac.Name).<your-dns-suffix>"   # assumed FQDN form: computer name plus your DNS suffix (placeholder)
    Set-ADComputer -Identity $mac -DNSHostName $dnsHostname
}
```
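As an added example for the "Configure Encrypted Session Traffic" section (this is not code from the UW page, from UW IT, or from Apple), the following shell script checks whether an already-joined Mac is using "-packetencrypt ssl" by parsing the output of `dsconfigad -show`, and applies the option after join when it is not. It assumes macOS with Apple's dsconfigad tool, root privileges for the live `--apply` path, and that `dsconfigad -show` prints a "Packet encryption = ..." line; the sample output embedded in the script is constructed for offline demonstration, not captured from a real machine.

```shell
#!/bin/sh
# Added example (not from the UW IT page): verify, and if needed enforce,
# LDAPS ("-packetencrypt ssl") on a Mac already joined to the NETID domain.
# Assumptions: macOS with Apple's dsconfigad; run with sudo for the --apply path.

# Extract the "Packet encryption" value from `dsconfigad -show` output read on stdin.
# Prints the value in lowercase (e.g. "allow", "ssl"), or "unknown" if the line is absent.
packet_encryption_setting() {
    value=$(sed -n 's/^[[:space:]]*Packet encryption[[:space:]]*=[[:space:]]*//p' \
            | head -n 1 | tr '[:upper:]' '[:lower:]')
    if [ -z "$value" ]; then
        echo unknown
    else
        echo "$value"
    fi
}

# Returns 0 when the setting means LDAP traffic is wrapped in SSL, 1 otherwise.
is_ldaps_enforced() {
    [ "$1" = "ssl" ]
}

# Live path against the real tool: read the current setting, switch to ssl if
# needed, then re-read it so the change is confirmed rather than assumed.
enforce_ldaps() {
    current=$(dsconfigad -show | packet_encryption_setting)
    if is_ldaps_enforced "$current"; then
        echo "Packet encryption already set to ssl"
        return 0
    fi
    echo "Packet encryption is '$current'; switching to ssl"
    dsconfigad -packetencrypt ssl
    dsconfigad -show | packet_encryption_setting
}

# Constructed (abridged) sample of `dsconfigad -show` output for offline use.
SAMPLE_SHOW='Active Directory Domain          = netid.washington.edu
Computer Account                 = examplemac$

Advanced Options - Administrative
  Packet signing                 = allow
  Packet encryption              = allow
  Password change interval       = 14'

if [ "${1:-}" = "--apply" ]; then
    enforce_ldaps
else
    # Offline demonstration: the constructed sample shows the weak default "allow".
    printf '%s\n' "$SAMPLE_SHOW" | packet_encryption_setting
fi
```

Run it without arguments to see the parser applied to the constructed sample; run `sudo sh script.sh --apply` on a joined Mac to check the real setting and switch it to ssl. The final `dsconfigad -show` read-back is deliberate: a configuration change should be verified from the tool's own state, not taken on faith from the command's exit status.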