
Cannot bind to Active Directory

This is only happening on Yosemite computers.


Our domain controller is a Windows Server 2012 R2 machine. We know the problem is not with the server, because any computer not running Yosemite can join the domain without any issue. As a test, I have even unbound a couple of Mavericks computers and then bound them again without trouble.


On all the computers that now have Yosemite installed (5 of them) we are unable to join the domain. The error message is always that the authenticating server cannot be found. The original binding to the domain was broken upon the first reboot under Yosemite.


Please note that basic troubleshooting, such as verifying the information being entered is accurate, has already been tried, retried, and double-checked.

I have done a clean install of Yosemite on one machine, and it has the same problem.


If anyone has relevant information that might help with this, please do share.


Many thanks.

Mac Pro (Late 2013), OS X Yosemite (10.10)

Posted on Oct 20, 2014 1:32 PM

39 replies

Jan 21, 2017 11:27 AM in response to KlytusLord

This also happens with Sierra. I've tried everything in this post and failed every time. My situation is a little different. I was trying to add a MacBook Pro to MS Active Directory 2008 R2 in a closed networked lab. There are no routers in my environment, just a switch. I was not using a default gateway on anything in this environment. Everything seemed OK until I tried to add a MBP. Just for the heck of it I decided to add the DC's IP address for the "Router", the Mac's default gateway setting, and guess what, I was able to bind it to AD. Hope this works for you. -Joel

Oct 22, 2014 12:52 PM in response to Extcee

I am in the same boat with you all. Any Mavericks computer will bind just fine. I have only updated one of our Macs to Yosemite, and it will now not bind. Tells me that the host is not found. Using domain.local, no such luck. Apparently there is a pretty large issue from what I have read. Anyone found any steps that cure this?

Oct 23, 2014 7:22 AM in response to Mart1979

In order for the user to be able to work while waiting for a solution, I had to create a local user matching the AD one, made sure the computer is not bound to the AD anymore, then made sure the permissions on the user folder (previously created by the AD account) are read/write for the new local user. Once that was done I was able to connect with the local user (matching the AD one) and the desktop, docks and all the files and settings came back. Now the user is able to work even if the authentication is now local.

Oct 23, 2014 9:43 AM in response to meemarco

I have had one work this way so far. I was on an older MBP 15", just updated to a 13" MBP with Retina. It was already bound to the domain through Open Directory/Active Directory before the Yosemite upgrade. Upgraded to Yosemite, bind still works.


I am working from home today, no issues logging in. We have our infrastructure set up so that we deploy profiles to our devices using MDM from Meraki. There is one set of profiles that are sent to the machines ONLY when bound to the local directory, that gives the Macs a mobile account, allowing them to log in the same off network as they do on. Trying this on YOSEMITE, it just fails to send these profiles, as it does not see the computer being bound to the domain.


This is a bummer, as I was planning on updating our machines first, and then binding. I will try in the coming weeks to bind to the domain, and then upgrade to verify that works still.

Oct 24, 2014 12:42 PM in response to KlytusLord

We are having an issue that might be related. Upgraded a server from Mavericks and Server 3.2.2 to Yosemite and Server 4.0 and have now lost the ability for users to authenticate using an Active Directory account on our Windows 2003 server. Authentication worked perfectly from the same computers before the server upgrade to Yosemite 10.10 and Server 4.0. Directory Utility shows Active Directory. Editing of that Active Directory listing shows the correct forest and domain. I'm not certain that the Computer ID is correct. It does show the "Unbind" button which would imply that binding exists. The Active Directory list on the Windows 2003 server does list that Computer ID as being bound. It may seem silly but where does that ID come from -- where do I check to see if that Computer ID is actually the ID for the server? I assume that it would still be correct after the upgrade -- but maybe not? Maybe that isn't the problem at all? One more piece -- I tried to unbind by clicking the button in the Directory Utility -- up popped a message that read "Unable to contact Domain Controller". I did not force the unbind as I figured I would not be able to rebind if the Domain Controller could not be contacted. Any ideas?
