How-To: Handle Login problems with MacOS

How to configure your MacOS client to successfully log in to a UCS domain

This article mainly addresses DNS-related issues in your environment and is not intended as a general configuration guide for your default MacOS clients!

This article describes how to narrow the domain communication to your specific domain and DC, which may help if other fixes can’t be applied or don’t help.

Environment

You have a working UCS Master in your environment that is your PDC and handles all domain logins, and you have MacOS clients that are to use the UCS domain for authentication.

Configure your MacOS Client as follows

  1. Open the Directory Utility and expand Advanced Options
  2. Switch to the Administrative Tab
  3. Enable Use Preferred Server and enter the IP address of your PDC
    (Do not use the Hostname or FQDN!)
  4. Disable the Option to Allow Authentication from any Domain in the Forest
  5. Select Bind and enter your Credentials
    (the following procedure may take several minutes, please be patient)
  6. Once this has finished switch to the Search Policy Tab
  7. Remove entry ‘/Active Directory/MYDOMAIN/All Domains’
  8. Add entry ‘/Active Directory/MYDOMAIN/domain.tld’
  9. Move entry to be right under ‘/Local/Default’

Your search policy list should now look like this:

/Local/Default
/Active Directory/MYDOMAIN/mydomain.tld
/Active Directory/MYDOMAIN

After rebooting your MacOS client you will be able to log in successfully using your domain account.
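
The resulting search policy and the preferred-server value can also be checked from a script. The following is an added example, not part of the original article: the function names and sample inputs are constructed for illustration, and the input format (an optional `CSPSearchPath:` header, then one path per line) is an assumption about what `dscl /Search -read / CSPSearchPath` prints.

```shell
# Added example, not from the original article. On a Mac the list could come
# from `dscl /Search -read / CSPSearchPath`; assumed input is an optional
# "CSPSearchPath:" header followed by one search path per line.

# is_ipv4 VALUE: succeeds only for a dotted-quad IPv4 literal (step 3).
is_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# check_search_policy NETBIOS DNSDOMAIN: reads the search path on stdin and
# returns 0 only if it matches the order this article ends up with.
check_search_policy() {
    want="/Active Directory/$1/$2"; n=0; rc=0
    while IFS= read -r line; do
        line=$(printf '%s\n' "$line" | sed -e 's/^CSPSearchPath://' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        if [ -z "$line" ]; then continue; fi
        n=$((n + 1))
        case $line in
            "/Active Directory/"*"/All Domains")
                echo "FAIL: forest-wide entry still present: $line"; rc=1 ;;
        esac
        if [ "$n" -eq 1 ] && [ "$line" != "/Local/Default" ]; then
            echo "FAIL: first entry is '$line', expected /Local/Default"; rc=1
        elif [ "$n" -eq 2 ] && [ "$line" != "$want" ]; then
            echo "FAIL: second entry is '$line', expected '$want'"; rc=1
        fi
    done
    if [ "$n" -lt 2 ]; then echo "FAIL: fewer than two entries"; rc=1; fi
    return "$rc"
}

# Constructed sample: state after binding, before steps 7 to 9.
BEFORE='CSPSearchPath:
 /Local/Default
 /Active Directory/MYDOMAIN/All Domains'
# Constructed sample: the list shown in the article.
AFTER='/Local/Default
/Active Directory/MYDOMAIN/mydomain.tld
/Active Directory/MYDOMAIN'

printf '%s\n' "$BEFORE" | check_search_policy MYDOMAIN mydomain.tld || echo "BEFORE: not yet narrowed"
printf '%s\n' "$AFTER" | check_search_policy MYDOMAIN mydomain.tld && echo "AFTER: matches"
```

A leftover ‘All Domains’ entry means the client can still search and authenticate against other domains in the forest, which is what steps 4 and 7 are meant to rule out.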
