Connect to Active Directory with a Profile

In OS X 10.9 Mavericks Apple added the option to connect a Mac client to Active Directory with a configuration profile. In previous OS versions admins have to script AD connection with the dsconfigad CLI tool.

Many of the configuration options for this profile are described here. By default the client Mac’s hostname will be used as the machine record name to connect to AD. However, you can provide a ClientID key to override the default. There are also placeholders you can provide for this filed as described here. In our setup we use the ComputerName (as defined in Sharing preference pane or with scutil --set ComputerName) instead, since the hostname of a given MacBook may change depending on which Thunderbolt ethernet adaptor is used.

The easiest way to create an Active Directory Profile is to use Profile Manager on OS X Server to create one with the settings you want, then download the profile and further edit in a text editor. You can also use this generic Active Directory configuration profile as a starting point.