Connecting an Apple iBook to a Windows 2003 Domain

Sometimes, making Apple Macintosh computers and Windows computers communicate with each other is not so easy. Windows has its own way of doing things, mainly through Active Directory and TCP- IP. Apple now communicates with TCP-IP, but it has its own Directory Services, and is quite flexible on this ("BSD Flat File and NIS" and "LDAPv3" are amongst the offerings).

To get started, I opened up the "Macintosh HD" and went into Applications. From there I navigated to "Utilities". After that I went into Directory Access, like so:





The above is maybe grayed out. If so, after clicking the lock in the lower left, I logged in with the root account or an account with ample permissions on the iBook to make these changes:

Still in the Services tab, I am now ready to move forward. I locate Active Directory. After checking the box beside Active Directory, I select Configure and receive a new window. It is now time to put in the simple Windows domain information. The first task here is to click "Show Advanced Options" by clicking the arrow:

I enter the domain name, “RIGUY.LOCAL” within the Active Directory Domain field. This is the internal or intranet local domain for this single Active Directory domain and the one I am trying to connect to. Therefore the default fields are acceptable here for the Forest. It will only be accessed within the internal network, protected by the firewall. Also, the laptop is simply called ‘ibook’. Not a very creative hostname, but it works here on this smallish network.

It is best to “Bind” a Mac account with a Windows 2003 Active Directory account. It so happens that I use the exact same name and the exact same password on both.

To Bind:
Log in with an AD account ...


Join the computer to the Domain ...




{INSERT DNS iBook ENTRY HERE}


Further down within the Directory Access window .....

In the User Experience area, I notice that the defaults seem to be ok. On the other hand, this involves some experimentation, so we shall see. It is possible we may have to come back to this.



For the time being, I am skipping the Mappings tab. In that tab, the user and group IDs could be mapped statically between Windows Active Directory and Mac OS X. Hopefully, this will not be needed.

In the Administrative area, I now enter my preferred domain server (or controller). Domain controllers handle user authentication and Windows object and resource administration. These servers are the team leads, so to speak, in an Active Directory environment. If you put any non domain controller Windows server in here, this will not work.





After selecting OK another Mac administrator authentication is needed. Then Apply the changes within the Directory Access window.

Now what?

Back to the Directory Access window, choose SMB/CIFS, then configure. The default Workkgroup that shows up is ‘workgroup’, but also listed is my internal domain: ‘Riguy'. After choosing the latter, ignore the WINS Server and select OK.

That should do it. You now have full fledged communications between the Windows Server and Macintosh worlds! The iBook in this example can now communicate with the Active Directory based network and domain.