Before you can log in with Active Directory users and manage agent settings for users and computers, you must first join your macOS machine to an Active Directory domain.
Before you can log in with Active Directory users and manage agent settings for users and computers, you must first join your macOS machine to an Active Directory domain.
Safeguard Authentication Services provides both a graphical option and a command line option for joining the domain.
NOTE: You cannot manage agent settings by means of Safeguard Authentication Services Group Policy if you have joined with the Apple-provided Active Directory plug-in. If you are currently bound to the domain using Apple components, unbind before proceeding.
You can use the QAS Join application to join the domain.
To join the domain using the QAS Join application
Open the QAS Join application located at /Applications/QAS Join.
On the Safeguard Authentication Services dialog, enter the name of the Active Directory Domain you want to join and click Join Domain.
On the Join Domain dialog, enter the Active Directory credentials to be used to join the domain.
From this dialog you can also specify a number of optional join arguments before continuing with the join operation. For example, you can specify a specific Active Directory container in which you want to create the new computer object (by default, it is created in the Computers container). For a detailed explanation of each join option, see the vastool man page located in the docs directory of the installation media.
Click OK to run the join operation.
The join operation may take several seconds, to several minutes depending upon your domain configuration. Domain Join progress is continuously updated as progress proceeds.
If any errors occur during join, an error dialog opens with a detailed error message as well as the option to view and save the join process log. As an example, the error message below is seen if you specified an incorrect password for the account you are using to join to the domain.
To leave the Active Directory domain, repeat the join steps, except click Leave Domain instead. You do not have to supply Active Directory credentials when unjoining if you do not delete the Active Directory computer object. This option is available in the Leave Domain dialog options.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center