How do I connect my MacOS System to the UI Domain?

In This Article:

Overview:

This article only applies to University-owned machines. Personal computers and other devices should not be connected to the University domain. A domain is a group of centrally managed computers, whose main benefit is centralized log in. Connecting a computer to the domain allows users to log into the machine with their University of Idaho log in credentials. The following items need to be completed before binding a computer to the University's domain:

  • Register the computer in the Network Management System (NMS). An automatic script will create a record in Active Directory for the computer. That record is what the computer will associate with when attempting to connect to the domain.
  • Obtain administrative rights on the computer.
  • Obtain a super user (su-) account
  • Install the AirVandal Gold certificate 

U of I's domain uses Active Directory (AD) to manage its domain. If you're asked to join or bind your computer to Active Directory, this means it needs to be on our domain. 

If you unable to complete the pre-requisites to run the Domain Joining Tool, reach out your TSP or Local Support for assistance using the link below:

Request connection assistance

This tutorial applies to the following operating system(s):

 Macintosh

Connecting a MacOS System to the UI Domain:

Step 1:

Navigate to System Preferences > Users and Profiles > Login Options

Step 2:

Change the "Display login window" value to "Name and Password"

Step 3:

Click on the unlock icon in the bottom left corner of the window.

Step 4:

Click on the "Join" button next to Network Account Server

Step 5:

For the Server, type "ad.uidaho.edu"

Step 6:

Verify that the computer names matches the name in Active Directory

Step 7:

Enter you su- username and password

Step 8:

Enter the administrative credentials to proceed

Step 9:

If the Mac successfully joins to the domain, a green icon will appear next to the "Network Account Server"

Back to Overview

Recommended Additional Set Up:

Step 1:

After connecting to the domain, go back to "Network Account Server" and click on "Edit"

Step 2:

Click on the padlock icon and enter administrative credentials to unlock

Step 3:

Click on "Active Director" and click on the pencil icon towards the bottom to edit. 

Step 4:

Click on "Advanced Options"

Step 5:

Under "User Experience", check "Create Mobile Account at Login".​​​​​

Step 6:

Uncheck "Require confirmation before creating a mobile account".

Step 7:

Under the "Administrative" tab, check the "Allow administration by" box and add a new admin "computername-ws-administrators". This will grant admin rights to members of the administrator group. 

Back to Overview

Details

Article ID: 1254
Created
Thu 1/31/19 12:20 AM
Modified
Tue 5/19/20 11:57 AM