MacBook Pro Join Windows Domain

I am a newbie on Macbook Pro and cannot connect it to our windows network.  I have gone to system preferences>Users & Groups > Login options>Network account server>join>  Entered the DHPC server, the MAC seems to see the server because it goes right to the next step.  I have the Client Computer ID: set up on the server.  For AD admin User: I used administrator@domain.local and entered the password

It will not connect.  Please help!
LVL 2
CompTech810Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tom BeckCommented:
Here's the way I do it.

1.) Users & Groups --> Login Options. Click "Join"
2.) In the drop down window click "Open Directory Utility"
3.) Click the lock to unlock the Utility for modification with your local (MacBook) admin account.
4.) Click Active Directory then the pencil icon to configure.
5.) Fill in Active Directory Forest (if applicable) and Active Directory Domain. This must be the qualified domain name with a ".com" at the end. Fill in the Computer ID.
6.) Click the drop arrow to open the additional configuration options.
7.) Click the Administrative tab and check the "Prefer this domain server" and enter the FQDN for the AD server like
<machinename>.<domain>.com
8.) Click "Bind", enter the Domain admin credentials. This would be admin username and password, not administrator@domain.local, as if you were logging into the AD server as the domain admin.
0
CompTech810Author Commented:
Thanks for the quick reponse.

I thought I better ping the DHCP server and I am getting no response.  I did ping the gateway and I am getting a response.... Hmmm
0
CompTech810Author Commented:
Never mind I am getting a response, sorry
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

CompTech810Author Commented:
Where do I put in the IP of the DHCP server?
0
Tom BeckCommented:
DHCP server IP address doesn't really enter into the equation unless your DHCP server and AD server are one in the same machine. You could use the IP address of the Active Directory server in the "Prefer this domain server" box but it would still have to be fully qualified, like:

192.168.1.2.<domain>.com

There's no other box that will accept an IP address that I know of. If you are on a Domain then you must have a domain name. The machine that runs Active Directory must have a machine name. I don't know why an IP address would ever be necessary. It's also bad practice. If the IP address changes, things could stop working.
0
Tom BeckCommented:
On our Windows 2003 SBS Active Directory server I go to Control Panel --> System. Open the Computer Name tab and the full computer name and full domain name are listed there. Does that help in your case?
0
CompTech810Author Commented:
I have done exactly what you have said and it still says "Authentication server could not be contacted"  I have pinged the server, using IP address and the DHCP server responds.  I'm at a loss....
0
Tom BeckCommented:
"Authentication server could not be contacted".

I can recreate that error under the following circumstances.

1.) I have an cable connecting my laptop to the domain's network and my Ethernet card is getting an IP from the DHCP server. It's a 10.0.0.0/24 network.
2.) At the same time, my wifi adapter is picking up a connection to our "Guest" wifi network which is routed differently. It's a 192.168.0.0/24 network

The simple fix is to disable my wifi and I am then able to bind my Mac to Active Directory. Why the mac is requesting to authenticate on the wifi network ONLY instead of trying all available networks is a mystery to me but the fix is simple enough so who cares. The point is, make sure your request for authentication is being routed through an interface that's on the same network as the AD and the Mac has no other routing choice. Because of this odd behavior, successfully pinging the AD server is not a guarantee that it will be reached during the authentication phase if you have multiple adapters connected to different networks.

Make sure the credentials you are using to join the Mac to the domain have the necessary rights to do that. I use an account that is a member of Domain Admins.

One other point. You don't need to add the computer to the AD before joining the Mac. The Mac should suggest a computer ID and pre-populate that text box. You can either accept or change it and an object with that name will be automatically added to AD when you bind.

I hope this helps because I'm out of ideas.
0
CompTech810Author Commented:
The MacPro I am working on doesn't have a network port only WIFI.  I checked what IP it is getting and it is correct, and the DNS servers IP address that it has is correct.  Do you know of someone that can remote to the Mac and double check I'm doing it right.  We have a new CEO starting Monday..... Uggghhh  why does he want an Apple!!!!
0
Tom BeckCommented:
I don't know of anyone personally who could log into the Mac remotely. I'm sure any reputable computer network service company that has familiarity with Macs would do it for a fee. I would not say Geek Squad but there are many other services. They may need to also remote into the AD server.

How about this? If you do a Command + Shift + 4 on the Mac keyboard you get a crosshair that will allow you to draw a square around the dialog boxes you are presented with during your attempt to join (including your input) and post the resulting partial screenshots here. (The partial screenshots will land on your desktop when you let go of the drag to define the screen grab area.) I can check your input fields for any glaring errors.
0
CompTech810Author Commented:
Good idea but I don't want to share with the public our domain name as it is the company name.  Do you know if I can delete the image after we are done?
0
Tom BeckCommented:
Negative. Why don't you email them to me at my throw-away email account.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CompTech810Author Commented:
Tom Beck had me add .local to the end of my domain, exp.  domain.local and it worked!!  Thanks so much Tom Beck!!
0
Tom BeckCommented:
You're welcome. Thanks for the points.

I had originally assumed that the domain used the standard .com TLD extension when I typed out the instructions. Upon seeing your screenshots I realized that yours was set up with .local.  

I hope you are not running Exchange from that domain or any other web services. Certificate Authorities are cracking down on non-standard TLDs as of November 15, 2015.
0
CompTech810Author Commented:
The .local is only internal.  The emails do have .com on them.  I'm not sure why the system is setup with .local, I wasn't here when that was implemented.  Thanks for the info!!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Mac OS X

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.