
Safeguard Authentication Services 4.1.5 - Mac OS X/macOS Administration Guide


Unconfigure local LDAPv3

If you are running Mac OS X 10.5, you must unconfigure the local LDAPv3 node before joining to Authentication Services by means of Active Directory. If you do not, problems arise when machine policy is applied. If you are replacing an existing OpenDirectory or LDAP instance with Active Directory, unconfigure the corresponding LDAP node at this time.

To unconfigure an LDAPv3 node

  1. From the Directory Utility screen, select the LDAPv3 box.

  2. Click the pencil icon to edit the service.
  3. On the Search Policies screen, click Delete and then click OK.

Graphically join the domain

To graphically join the domain

  1. Enter the name of the Active Directory Domain you want to join and click Join Domain.
  2. In the Join Domain dialog that appears, supply Active Directory credentials to join the domain.

    From this dialog you can also specify a number of optional join arguments before continuing with the join operation. For example, you can specify the Active Directory container in which you want to create the new computer object. (By default it is created in the Computers container.) For a detailed explanation of each join option, see the vastool man page located in the docs directory of the installation media.

  3. Click OK to execute the join operation.

    The join operation may take from several seconds to several minutes, depending on your domain configuration. The Domain Join progress display is updated continuously as the operation proceeds.

  4. If any errors occur during the join, an error dialog opens with a detailed error message as well as the option to view and save the join process log. As an example, the error message below is seen if you specified an incorrect password for the account you are using to join to the domain.

Unjoin an Active Directory domain

To leave the Active Directory Domain, repeat the join steps, but click Leave Domain instead. You do not have to supply Active Directory credentials when unjoining if you do not delete the Active Directory computer object. This option is available in the Leave Domain dialog options.

  1. After modifying the Authentication Services configuration, click Apply in the main Directory Access or Directory Utility dialog (depending on your version of Mac OS X) to ensure that your changes take effect.

Command line join

Use the vastool utility to perform a command line join.

At the command line, enter vastool join to join the Mac OS X system to an Active Directory domain.
