Preparing for Mac OS X for Active Directory

Updated August 11, 2008

A few tips to getting ready to bind to Active Directory on the Mac.
  • Update your computer to 10.3.9, 10.4.11 or 10.5.4  Use the internal Software Update server, or download the Combo updaters from  You can also update remote computers using Casper Remote or Apple Remote Desktop.
  • Check the computer name.   Active Directory and Windows can only read the first 15 characters of the compute name.  Keep it brief and try to give some location specifc information.  Convention:  "IP-Room-Tag" Example, "22-201-222334E"  This is a computer with tag #222334E in Room 201 at Ramsey Jr.  You can add more after the tag if you'd like, the Macs and Recon and ARD will see it, but after 15 it will be cut off in AD.  Some schools will put users initials or last name on laptops that are assigned to staff.   
  • Run Recon.  Make sure you are using the current version of Recon on the Mac and the machine is managed by casper.  Download the current version from and check the Console log (/var/log/jamf.log) if needed.  This will make future management and updating easier.  The more you enter in the fields in Recon  (username, Room, Dept) the easier it will be for you to track your computers.
  • Check your network settings.  The Active Directory servers have to be found by your computer right away.  To check that they are available use Terminal and type:  "nslookup"  This should return 4 entries.  You also have to be on the SPPS network to bind to AD.  
  • Set network Time Sync:  In the Date and Time System Preferences, make sure the computer is set to use network time sync with   This is important for Kerberos Authentication.