This document outlines our requirements for binding macOS devices to Microsoft Active Directory.
Please ensure the following information is understood and, where required, provided to us upon request:
- Device names will be set to the device serial number.
- Please provide a Microsoft Active Directory service account. This account should have a long, complex password, but be free from any password change or expiry requirements.
- Please ensure the Microsoft Active Directory service account has Create, Read, Update and Delete permissions on the organisational unit where devices will be stored, as well as on any other organisational units in which devices may already have records.
- A single organisational unit will need to be provided for devices to be bound into. Devices can be moved from this organisational unit after binding if this is required. The organisational unit should be provided in the format:
- Please provide the fully-qualified domain name (FQDN) of the domain.
- Portable devices, such as MacBooks, are not in scope for binding to Microsoft Active Directory.
- Desktop devices, such as iMacs, must be connected via a hard-wired (Ethernet) connection.
- Optional: A specific fully-qualified NTP server address can be supplied for use.