Big Sur: Domain Admins no longer have administrator privileges on computer

Thank you for your response.

I have managed to solve the administrator issue using ADUC (Active Directory Users and Computers). Go to the Administrator user, right click and select "Properties". Now select the "Member of" tab. At the bottom it has a checkbox that states the default group as "Domain\Users" and it states that this group doesn't really get used for anything and there is no reason to change it unless you have Macs or POSIX systems on your network.

I selected the "Domain\Admin" as the default group then went to the iMac. I had previously deleted the Administrator user so when I logged in a new Administrator user account was created. This account was now recognized as belonging to the Admin Group with the related privileges.

It appears that the iMac was only recognizing that the Administrator belonging to the "Domain\Users" group. I can see this causing a number of issues since the Administrator belongs to a number of different groups by default.

Okay, I logged out and logged back in. This resulted in the "Network Account" folder suddenly appearing. Along with it, the mysterious item in the "Login Items" as below:

My gut feeling is that when I login, the iMac is not actually authenticating with Active Directory (I still have mobile folders set). At some point after I login, the iMac does authenticate with AD (that is why I can browse the AD server) but this is too late for the "Network Account" folder to show up since it is a "Login Item".

When I logout and log back in again, the authentication goes through as it should and the "Network Account" folder appears and functions as it should.

The solution to get the "Network Account" folder to appear is to:

1. Turn on the Mac
2. Login
3. Logout
4. Login

Hello Nicholas,

I have successfully configured AD a year ago with Catalina. It worked flawlessly. These issues started when I install Big Sur. As I type this the "Network Home" folder is nowhere to be seen; however, it did show up yesterday when I logged in.

The green light is on in the Directory Utility and it lists all the correct Domain information (users, certificates, computers). The issue seems to be with the iMac. It just decides to connect to the Domain or not upon a whim.

Once I log in, I have to manually specify the AD server in finder for finder to find anything. Otherwise the AD server is not listed. Interestingly enough, it does show other windows computers on the network. All the Win10 machines work as expected on the network.

Hello Celliot,

I don't have any new iMacs, so the issue is with the old ones that have switched over to Big Sur. When they were running Catalina, I did not have them configured as "mobile" which became an issue when they weren't on the network (couldn't be used). With Big Sur I have now set them up as "mobile" which seems to make OSX lazy and not bother trying with AD since they can login without AD.

I don't understand how Macs are supposed to be integrated into an office environment when the most secure network solution is Active Directory. Authenticating users and devices is a great idea and its all super simple to configure and manage with AD (I am a very long time [since the 1980s] Unix and Mac person but I can give credit where credit is due). Having Macs not play nice with AD seems to be shooting themselves in the foot. We've had a number of people push for more Macs at the office, but the configuration issues have kiboshed that to date.

Now the only annoyance is the sporadic appearance of the "Network Account" folder in the taskbar. It appeared once yesterday but not today. I've created a "Login Item" that automatically opens the folder. It does appear in "Finder" but not on the taskbar.

I did notice something interesting yesterday when the "Network Account" folder appeared on the taskbar. The "Login Items" had an additional item. I should have taken a screenshot of it because it was simply called "/" and was marked with a yellow triangle. I appears that when that "Login Item" appears so does the "Network Account" folder on the taskbar. Now if I could just figure out what causes that item to appear.