Chat now with support
Chat with Support

Safeguard Authentication Services 4.2 - Mac OS X/macOS Administration Guide

One Identity Privileged Access Suite for Unix Installation The Authentication Services Mac OS X components Configuring the Authentication Services client Special Mac OS X features Authentication Services limitations on Mac OS X Authentication Services Group Policy for Mac OS X Certificate Autoenrollment

Graphically join the domain

To graphically join the domain

  1. Enter the name of the Active Directory Domain you want to join and click Join Domain.
  2. In the Join Domain dialog that appears, supply Active Directory credentials to join the domain.

    From this dialog you can also specify a number of optional join arguments before continuing with the join operation. For example, you can specify a specific Active Directory container in which you want to create the new computer object. (By default it is created in the Computers Container). For a detailed explanation of each join option, see the vastool man page located in the docs directory of the installation media.

  3. Click OK to execute the join operation.

    The join operation may take several seconds, to several minutes depending upon your domain configuration. Domain Join progress is continuously updated as progress proceeds.

  4. If any errors occur during join, an error dialog opens with a detailed error message as well the option to view and save the join process log. As an example, the error message below is seen if you specified an incorrect password for the account you are using to join to the domain.

Unjoin an Active Directory domain

To leave the Active Directory Domain, repeat the join steps, except click Leave Domain instead. You do not have to supply Active Directory credentials when unjoining if you do not delete the Active Directory computer object. This option is available in the Leave Domain dialog options.

  1. After modifying the Authentication Services configuration, click Apply in the main Directory Access or Directory Utility dialog (depending on your version of Mac OS X) to ensure that your changes take effect.

Command line join

Use the vastool utility to perform a command line join.

At the command line, enter vastool join to join the Mac OS X system to an Active Directory domain.

Using to join and unjoin

You can access the same functionality that is available through the Authentication Services Directory Utility Plugin through the Authentication Services command line utilities.

There are two ways to join your Mac OS X system to an Active Directory domain:

  • Run the script.

    $ sudo /opt/quest/libexec/vas/scripts/

    This script prompts you for information needed to perform the join operation without requiring you to know the syntax of the vastool join command.


  • Run the vastool join command.

    $ sudo /opt/quest/bin/vastool -u Administrator join -f

To leave an Active Directory Domain from a Terminal session, use the vastool unjoin command.

Note: See the vastool man page located in the docs directory of the installation media for more information about the vastool join or vastool unjoin commands.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating