I’ve recently setup a new Windows Server 2016 AD Domain for a client. It is a single DC domain. They have several Macs in their environment and I’m struggling to get the Mac’s to stay bound to AD.
We can get them bound to AD initially, seemingly without a hitch and we can log in and out as various users. Our problems start when the Macs are restarted. When we get to the login screen there is a red dot next to the username box stating that ‘Network accounts are unavailable’. When binding the Macs initially, I ticked on the option to setup as a mobile user and this allows us to login as the users that were logged in before the first restart, but no other users can login after this point and it doesn’t accept the Network Admin account’s credentials to do administrative tasks despite setting the domain admins group as being able to administer the mac.
The domain has been setup as companyname.co.uk. Mac’s are getting their network config through DHCP with the sole DNS being that of the Domain Controller and the search domain being companyname.co.uk. I have tried creating a computer account in AD before binding and letting the binding process create the computer account both ways without success.
I have checked the DNS settings which appeared OK using the following commands:
dig -t SRV _gc_tcp.server.companyname.co.uk
dig -t SRV _ldap_tcp.server.companyname.co.uk
dig -t SRV _kerberos_tcp. server.companyname.co.uk
dig -t SRV _kpassword_tcp. server.companyname.co.uk
The time on both the DC and Macs while not using the same time source are correct.
I read somewhere of someone having a similar issue, where switching off File Vault solved it, but this has not been enabled on any of the Macs I have tried so far.
After logging in as local admin user and going back into the user account settings, the bind still seems to be active but the ‘allow network users to login’ option is missing and if I open network account server details there is a message stating ‘the server is not in your authentication search policy’.
Any help would be gratefully appreciated.