I am trying to bind a Lion 10.7 mac to Active Directory

There *may* be .local issues, I've set my preferred DC to an IP address.

Don't get me wrong, I love Apple stuff and I far prefer OSX to 'Doze but I can't recommend it to my business customers in the current condition.

*When it works* and we can have Office 2011 with Outlook and profiles that are robust enough to log on instantaneously whether you're in the office or out on the road we'll be there, but not till then.

At least I'm kind enough to test in-house before we recommend any solutions to our customers 🙂

Hi Lisa,

I'm dual-booting since this is my home personal network. I'm originally a Windows user and have been easing into the transition to OS X. I have an SBS 2003 server setup on the Windows side. My interest in using OS X joined to my active directory is primarily to safeguard my files and ease the accessibility to my LAN folders. This is useful for the Plex media server i'm running off a Mac mini (movie files are on the SBS box), as well as keeping my kids out of trouble when they upload their photos (and ensuring what they upload off their Macs gets backed up on the SBS server).

As for VM Ware, i'm using Snow Leopard server (developer version) running on VM ware on the SBS server. I suspect that's a big no-no, but the mac mini alternative has been eliminated since it has Lion on it and I can't get the **** thing to work.

As an aside, I reformatted the OSX partitions last night to go back to Snow Leopard. The thing joined the AD and OD domains so easily I couldn't believe my eyes. I'll stay on SL until I hear much better things about Lion. For now, I'll stay far far away.

Steve Laurel wrote:

lmadden wrote:

Get the red dot. If you look in Directory Utility, however, it looks happy. Says it's bound, everything is as it should be. But it does not work.

This is EXACTLY what I am seeing also.

I found the solution, at least to the problem above....

solution: add the AD domain to the search domains under network settings.

steps: system preferences--> network--> select the network connection on left--> click 'advanced' button bottom right--> click DNS--> click + under search domains--> add you domain

Note: even though you may see the correct domain already, you still need to manually add it

My only question, does it stay there (working correctly in letting network users login) after a restart and if you have he users folder cached on the computer, does it allow them to login after delete the user and restart? If it does, then congratulations!

If not, well a number of different "cures" seem to work but only once or twice then the problem returns and the previous "cure" will not correct the problem.

An interesting point. I filed a Bug Report with Apple about this Active Directory Problem last Friday. I received a Report number indicating it was entered in their system. Today I take a look and it is not in my originated reports nor is it able to be found using the Search function of Bug Reoports. The other Bug Report I filed today about Remote Desktop hanging on "transferring reports" when gathering information from remote system IS listed in my records at the Bug Reporter. Not sure why the AD problem can't be located.

Mine's currently working with a preferred DC set by IP address and a list of users at logon.

Slow? It's probably taking three or four minutes from startup to the UI being usable. It was fifteen seconds when I bought it running SL a few months ago, I *can* log in to AD but I'm bloomin well not going to if it takes this long.

Lion is not ready for deploying in a production environment in it's current state IMHO.

I had the same issues here. Windows 2008r2 server running an AD, couldn´t bind with lion client. After entering the domain name in the search domain field on the client (as stated above) I got rid of the red dot a could finally log in. BUT IT TAKES FOREVER! It´s not usable what so ever!

I talked to a guy at Apple the other day about this and he said that the best solution when you want to connect a Mac client to a Win AD is to set up a Mac server as a slave to the AD and then connect to it from the Mac clients using OD. Can anyone verify that this is a good solution for a mixed (Win 7/Mac) environment?

For me, the following steps were needed to get the AD running (I'll really start at the top). Since I am using a german localisation some wording may not be 100% accurate, sorry for that.

• Be sure the Mac gets proper DNS, can connect to network volumes and "behaves right"
• Open System Preferences - User & Groups - Login Options (below the user list) - edit the Network Account server, press <+> and enter your server (e.g. pretend.co). Enter your diradmin credentials. You should see the AD-Domain listed now.
• Open the Directory Utility, click on "search path", press <+> and add /Active Directory/SERVER and /Active Directory/SERVER/All Domains, where SERVER is the name of your AD Server. Don't forget to press "Apply"! Close the Directory Utility again.
• If all went right up to here you should see a new field in the System Preferences - User & Groups - Login Options just above the Network-Account-Server which you should enable: Allow network users to login (or something like this). If you cannot see this field there is still something wrong. I could always get this checkbox to (re-)appear using the step above in the Directory Utility or by doing the following:
• If you don't see the checkbox above and/or you get a red dot at the System Preferences Network-Account-Server try to kill the opendirectoryd by opening the Terminal and typing "sudo killall opendirectoryd". Enter your admin credentials and the opendirectoryd is killed and automatically relaunched. For neary all my cases the red dot immediately changed to green. If not, repeat the terminal command.
• Now you should log out of your account and re-login using a network account.

Should this help you you could e.g. write a script to check for a specific user in your SERVER and SERVER/All Domains search paths using dscl and killing opendirectoryd if this is not the case. I am trying to automate this at the moment and set the script to run at boot.

Hope this helps someone.

Excellent, so it's just a question of being patient for a fix :-)

How's the SMB performance when logged in? Have you had a chance to try using an AD login when not on your local LAN?

I hope you are right. I have 3 test Macs, one never had a problem, the others did. And for the hidden Library just press <ALT> when in the Go To menu ;-)