Cannot bind to Active Directory

Windows Server 2008. Yosemite. FQDN in the DNS Search Domains. IP Address of Server for DNS, AD Server listed as WINS Server. I'm not having any luck either. It is a Yosemite only problem, and pretty disabling as far as being able to move forward with new computers.

This worked for me.. 🙂

After I did this, Yosemite was able to join our Windows 2008 r2 domain. Just add the local dns server to the search side using this article http://support.apple.com/kb/TS4600

To bind my Yosemite box to my Server 2012 R2 Domain Controller I had to create the computer in AD Users and Computers on the server first and then when I went to bind it on Yosemite I didn't have any issues. For some reason it was failing with 'unknown error occurred' before the computer was created in AD.

I have been on the phone for hours with Apple Enterprise Support regarding this issue. To recap, my macmini server was running OS X 10.8 and had the server app v2 installed. It was bound to our Windows 2008 R2 active directory server. After upgrading to OS X 10.10 Yosemite, and installing Server App v4, I found the server was unable to see users, groups and devices on the AD server. I unbound the macmini from the AD server and attempted to rebind the macmini server to the AD server. This fails with an error "Authenticatin server could not be contacted (5200)".

Apple Enterprise Support tells me (after being escelated to their level 3 engineering team) that this affects OS X 10.10 servers and not non-server OS X 10.10 installations.

They gave me two solutions which I can try.

1) the short term solution was mentioned in an earlier post. They said to be sure our DNS server's Start of Authority (SOA) record is using a mydomain.local entry. Then add the mydomain.local to the search domains mentioned in earlier posts.

System Preferences > Network > Advanced > DNS > Search Domains... Add your domain with the .local at the end.

Then try to bind to AD again.

2) their next proposed solution was something they highly advised to do as later 10.10 updates will start making this more necessary! They couldn't give me exact steps for how this is accomplished. They said, and I quote, "do open heart surgery on your domain controller or DNS server to add a .private domain name." Then bind to the .private AD server name. For instance, ADServer.MyDomain.private.

They hey said this is a known problem, but only with Yosemite servers, not Yosemite workstations that are not servers. I found this to be true in my environment as all Yosemite laptops and desktops bind fine, but my macmini server failed to bind.

Hope this helps.

I will try to repost when I try their advice.

This might be related or might be a topic that needs it own thread.

We have upgraded our MacMini from Mavericks Server 3.2.2 to Yosemite and Server 4.0

Our domain controller sits on a Windows 2003 server (until next March).

Previously, from that Windows server we had mapped a connection to a share on the MacMini. Now that mapping doesn't work and a new mapping cannot be made. The MacMini does show in the mapping attempt but when I click on it to open it to choose the share to map to, the server fails to open to display the various shares. Similarly, none of our Windows 2007 computers can map to that MacMini. I tried the various suggestions in this threat --except for the 2nd suggestion that Directorbradx received from Apple. I am not fully clear exactly what I should do there. Maybe Apple will provide clearer instruction for that at some point?

Until then --any suggestions?

Or should I make this its own thread?

We have a .local hostname for our AD server in DNS. So, I was able to bind my MacMini server to AD when I added MyDomain.local (where "MyDomain" is your own domain name) to the Search Domains list in my DNS settings on my MacMini server.

It is important for you to know if you already have a .local hostname in your Start of Authority (SOA) record in your DNS server. If you regularly use .local at the end of the name of your AD server, then you probably do.

Ed, if you regularly use .local at the end of your Domain Controller's hostname, I highly recommend trying these steps.

On your MacMini server, go to System Preferences > Network > Advanced > DNS > Search Domains... Add your AD server's hostname with the .local at the end.

Then try to bind to AD again.

This worked for me.

Thanks. I just tried that. It says it is bound. But I still can't map on Windows server a connection to Mac Mini.

I am able to do so, but maybe you have not created the Share the same way I did. Here is how I did it.

I downloaded and installed the Server App (version 4) which is $19.99 from the App Store. In the Server App, I turned on File Sharing. Then I added a file share and made sure my AD user account (or an AD group I am a member of) has permissions to the shared folder. I included AFP, SMB and WebDAV (although I think only SMB is necessary as that is the Windows protocol).

On my Windows PC, I clicked Start > Computer > Map Network Drive. Then chose a drive letter and typed in: \\macmini\foldername

Did you do this differently?

I believe you can create shares without the Server App, but Apple tells me that without the Server App, only a maximum of 10 users can connect to the shared folder at any given time.

I am bound to AD, however I cannot login with any domain user accounts. Another Mac letdown for us. I have a suspicion this is because you cannot authenticate to wireless 802.11 until you are logged in, but cannot log in until you are authenticated. catch22

Very similar to that. The share existed when the MacMini was running Mavericks and Server 3.2.2 After the upgrade to Yosemite and Server 4.0, I first tried to connect to that existing share. When that didn't work, I tried creating a new share and entered the info = \\msd-s-f-s\test-share I gave read/write to everyone including guests and allowed AFP and SMB. Error was that the path could not be found. I used the same user name and password on both servers. That account has full admin rights on both servers. I tried to remove all of the issues I could think of. If I can get a mapping done even once, I can then go back and work with regular accounts.

By the way. Same issue with Windows 2007 computers. They can't connect to the MacMini either. They can see it but not establish a connection.

I guess I should mention --I did "Unbind" and then "Bind" just to see if that would have an effect. It didn't.

I was able to overcome all of my issues by:

1) Pointing my mac to a local time server that my domain controller uses

2) CREATING THE MACHINE OBJECT IN Active Directory First ******

3) specifying my DNS search suffix. Hope this helps everybody.

I seem to have a similar problem, only related to our shared printer, any jobs coming from my iMac (Yosemite) are being refused. Authentication error. Did a clean re-install of Yosemite.

Adding the domain controller specifically(manually) to the search domain worked for me. dhcp had added the domain already.

Thanks for that fix!