Mac can't log on with Domain Account when outside of LAN

We have one MacBook Pro that is connected to our Windows Domain (just like a bunch of other Macs BTW), but it is having a problem where, when the user leaves the LAN, they can no longer log into the computer using their domain credentials.

What sorcery is this?

Is there an option to "It just works" this, as you would expect on a Mac?  Also note that other Macs that are connected to the domain are not having this issue.


Leroy Luff, Head of IT & Digital, commented:
It is most likely because the other Macs were set up to create a local account when they were joined to the domain initially.

Please go to directory settings and open Active Directory. You will see there is an advanced section. You will find that the MacBook experiencing the issues will not have create local account ticked.

Tick it and log in again. After this the MacBook will be able to log on outside the network.
CnicNV (Author) commented:
And where specifically is this option?

Go into System Preferences and choose the Users and Groups icon. Then choose Login Options on the lower left side of the window. You should see an item on the left called Network Account Server and the name of your domain. You will probably have to hit the padlock in the lower left in order to make changes. Anyway, after doing that, click on the Edit button next to the domain name. Your domain should be selected, and then click on Open Directory Utility. Again, you may have to click on the padlock to gain access to editing things. After doing this, click on Active Directory and click on the little pencil icon above the padlock. Once the next window opens up, click on the little right-facing arrow in the middle of the window to open up the hidden areas.

In the User experience section you want the Create mobile account at login box checked. Then OK your way back out.

This causes the Mac to cache a user's credentials whether local or AD to the Mac and will allow them to access their Mac when not on the network using their AD credentials.
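The same setting can be checked from Terminal with `dsconfigad`, which is useful for finding the one Mac in a fleet that was bound without it. This is an added example, not part of the answers above; the sample `dsconfigad -show` output (domain, computer name, layout) is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit "Create mobile account at login" from the command line.

# mobile_state: read `dsconfigad -show` text on stdin and print the value of
# the "Create mobile account at login" line (Enabled or Disabled), or
# "unbound" when the line is absent (the Mac is not bound to AD).
mobile_state() {
    awk -F'=' '
        /Create mobile account at login/ {
            gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; found = 1; exit
        }
        END { if (!found) print "unbound" }
    '
}

# audit: print a verdict; return 0 only when off-LAN AD logins can work.
audit() {
    state=$(mobile_state)
    case "$state" in
        Enabled)  echo "OK: mobile accounts enabled"; return 0 ;;
        Disabled) echo "FIX: mobile accounts disabled, off-LAN AD login will fail"; return 1 ;;
        *)        echo "SKIP: not bound to Active Directory"; return 2 ;;
    esac
}

# Constructed sample of `dsconfigad -show` output (assumed layout).
sample_show() {
cat <<'EOF'
Active Directory Domain          = corp.example.com
Computer Account                 = mbp-014$

Advanced Options - User Experience
  Create mobile account at login = Disabled
     Require confirmation        = Enabled
  Force home to startup disk     = Enabled
EOF
}

# On a bound Mac, audit the live setting; elsewhere, run against the sample.
if command -v dsconfigad >/dev/null 2>&1; then
    dsconfigad -show | audit || echo "To enable: sudo dsconfigad -mobile enable"
else
    sample_show | audit || true
fi
```

After enabling the option, the user still has to log in once while the domain is reachable so the mobile account and its cached credentials are created.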

CnicNV (Author) commented:
Perfect.  Thanks:-)