How to add a Mac OS X box to a Windows AD domain

Note: This is less of a hassle if you are already using the same account name on your Mac as in the AD domain. Then your account will continue working as before on the Mac, but with the added benefit of seamless AD integration.
  1. Go to Utilities | Directory Utility, unlock the settings and click on the "+" button.
  2. Select the type Active Directory.
  3. Enter the domain's DNS name. If you don't know it, run the command "net config workstation" on a nearby Windows box and look for "Workstation Domain DNS Name".
  4. Select a good Computer ID.
  5. Ask an administrator to come over and enter his admin username and password, and let the computer join the domain.
  6. When back at the Directory Utility main window, click on "Show Advanced Settings" if it's there, and then click on Services.
  7. Double-click on the "Active Directory" line.
  8. Click on "Show Advanced Options".
  9. Here, you may want to try different alternatives. What seems to work is the following:
  • Uncheck Create mobile account at login
  • Check Force local home directory on startup disk
  • Uncheck Use UNC path from Active Directory to derive network home location
  • Go to the "Administrative" tab, uncheck Allow authentication from any domain in the forest, and verify that two admin groups are allowed administration rights.
After this, you should be able to log in to the Mac using your Windows account name. Do not add the domain name to the login name.
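The settings from step 9 can also be checked from Terminal after the join. The script below is an added example, not part of the original instructions: it audits `dsconfigad -show` output against those settings. The sample output (domain, computer and group names) is constructed, and the label text is assumed to match what your OS version prints.

```shell
#!/bin/sh
# Added example. Labels are assumed to match `dsconfigad -show` on your OS version.
# On a joined Mac: dsconfigad -show | audit_ad_settings

# Constructed sample output (domain, computer and group names are made up).
sample_show() {
cat <<'EOF'
Active Directory Domain          = corp.example.com
Computer Account                 = mac-lab-01$

Advanced Options - User Experience
  Create mobile account at login = Disabled
  Force home to startup disk     = Enabled
  Use Windows UNC path for home  = Enabled

Advanced Options - Administrative
  Allowed admin groups           = domain admins,enterprise admins
  Authentication from any domain = Disabled
EOF
}

# get_setting LABEL: print the value for LABEL from dsconfigad text on stdin.
get_setting() {
  awk -F' = ' -v want="$1" '
    { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
    key == want { val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val); print val; exit }'
}

# audit_ad_settings: read dsconfigad text on stdin, print one line per
# deviation from the settings in step 9, return the number of deviations.
audit_ad_settings() {
  text=$(cat); bad=0
  check() {  # check LABEL EXPECTED
    got=$(printf '%s\n' "$text" | get_setting "$1")
    [ "$got" = "$2" ] || { echo "DEVIATION: $1 is '${got:-missing}', expected '$2'"; bad=$((bad+1)); }
  }
  check "Create mobile account at login" "Disabled"
  check "Force home to startup disk" "Enabled"
  check "Use Windows UNC path for home" "Disabled"
  check "Authentication from any domain" "Disabled"
  # Step 9 expects two admin groups to hold administration rights.
  groups=$(printf '%s\n' "$text" | get_setting "Allowed admin groups")
  n=$(printf '%s\n' "$groups" | awk -F',' '{ print NF }')
  [ "${n:-0}" -eq 2 ] || { echo "DEVIATION: expected 2 admin groups, found ${n:-0} ($groups)"; bad=$((bad+1)); }
  return "$bad"
}
```

The constructed sample deliberately leaves the UNC path option enabled, so the audit reports one deviation for it.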