Allow Mac OS X user to logon to Mac using Server 2016 AD account while outside of company office

A user with a Mac OS X computer says that he doesn't have the option to login to his Mac whenever this Mac is outside of our office. This Mac has all of the latest Mac updates installed.

This Mac is joined to our Server 2016 Active Directory domain and the user logs onto the Mac using his Active Directory account. Our local area network is using an IP subnet of

I have set the Mac so that it prompts the user to login with his account name and password.

This user says that whenever he is outside of our office the only options he has is to login to a local Admin account that I have created our to login using the guest user account.

Is there a keystroke combination (similar to CTRL-ALT-DEL on a Windows computer) the user can press to switch back to the username and password login option rather than the user clicking on the account name he would like to login with?

Also since the user is outside of the office and we don't have a VPN setup will the user be able to login with his Active Directory username and password even though the Mac won't be able to contact the Active Directory domain controller?
IT GuyNetwork EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Peter HutchisonSenior Network Systems SpecialistCommented:
You need to enable 'Create mobile account at logon' so that cached credentials are allowed when the machine is disconnected from his work's network.  See the Directory Utility Advanced Options to enable this option.

See also

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
IT GuyNetwork EngineerAuthor Commented:
I have reviewed the URL above and have followed all of the instructions.

However, I'm still encountering the exact same issue where the user is forced to login with a local account first and then once the user logs out of the local account he has the option to then login using his AD username and passsword.

We need to have local login accounts available on the Mac that can be used to login to the Mac by the local administrator (me) if the need ever exists. These can't be removed or disabled.

I also need to make it so that the Mac can also be logged into using Active Directory usernames and passwords.

How can this be done?

Please let me know if any further information is needed.
Do you have filevault enabled on this Mac?  Did you enable the Domain account as a filevault user?
IT GuyNetwork EngineerAuthor Commented:
What steps need to be followed to enable the domain account as a filevault user?
It's the same steps as enabling a regular account, once you've converted it to a mobile account.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2016

From novice to tech pro — start learning today.