Thursday, 19 May 2016

How to Join a Mac to a Windows Domain

Tell me if this sounds familiar. You come into work one day and your boss calls you into his office and says he got a new laptop. You arrive at his office door and realize your boss bought a Mac. He wants to be able to access all the company files stored on your Windows domain from his new Mac. Or maybe the scenario is a bit different. Your company decides to create a new department for graphical design and marketing and all the designers use Macs.
So what do you do? Not to worry, you can join a Mac to your Windows domain and today I'm going to show you how it's done. Let's walk through joining Snow Leopard to a Windows Server 2008 domain.

Setting Network and User Options on a Mac

Windows domains rely on DNS for Active Directory to work correctly so the first thing we need to do is set a static DNS address on your Mac. We need to use the IP address of your Windows domain controller for this setting. From your dock open System Preferences or click the Apple in the top left corner and choose System Preferences. Now click Network to open your network settings.
Now you should be at your Network settings screen.
By default your network adapter is set to DHCP. Depending on the network connection you are going to use you will need to change this setting to Manually.
Keep in mind if you are setting a static address on your Mac and you take it to another network you might need to change this setting back to DHCP. I would suggest using the wired or Ethernet connection for your static address and use the wireless for DHCP. In this example I am setting a static address on the Ethernet connection.
My Windows domain controller has an IP address of 192.168.1.172 so I will put this in the DNS section. I'm setting my IP address to 192.168.1.171 for this example. Fill in your IP address, subnet, gateway, and DNS according to your network settings.
Click the back button to go back to System Preferences and choose Accounts.
Click the Lock to make changes to these settings. Then click the Join button next to Network Account Server.
Now click the Open Directory Utility button.
You should now be at the Directory Utility; click the Lock to make changes. Then make sure Active Directory is checked, highlight it, and then click the Pencil to edit this setting.
Here you can enter your domain information and computer ID. For this example the domain is hq.test.us and the computer ID is Mac. The computer ID is the computer name that will show up in Active Directory once the Mac is joined to the domain.
Click the arrow to Show Advanced Options. This gives you 3 extra options you can configure. To keep it simple I usually leave these settings default except for the Administrative section. Click the Administrative button and enter the IP address or the FQDN of your domain controller in the Prefer this domain server section. For this example I used the IP address of my domain controller 192.168.1.172. You can also specify groups that are allowed administration privileges.
Now click the Bind button and you will be prompted for credentials. Enter your domain administrator username and password and click OK.
You should see it progress through steps 1-5 as you are authenticated and joined to the domain.
Now you should be joined to the domain and the Bind button changes to Unbind.
Click OK and then click Apply in the Directory Utility window. Then close the Directory Utility. Now you should be back at the Accounts window. Note the green dot and domain name next to Network account server.

Logging In with Windows Credentials on Your Mac

Now you should be able to log in to the Mac with your Windows domain credentials. Log off the user you are currently logged in as. When you get back to the login screen, choose Other.
Now enter your Windows domain credentials.
That should get you logged into the computer with your domain credentials. So now what? How do you access the files on the server?
We will need to map drives to the shared folders on the server so you can access the files. From Finder click Go, then click Connect to Server. Since the Mac connects to Windows shares over SMB, we need to use this syntax: smb://servername/share. Then click Connect.
Note that you will not be prompted for credentials to connect because we are logged in with our domain account. You can also connect to Windows shared folders with the same syntax and a username and password if your Mac is not joined to the domain.

Mac on Windows Domain: Is it Worth it?

Now I bet you're wondering, is this worth it?
This process is not for the faint of heart and can get tricky depending on your environment. There can be issues with joining Macs to a .local domain and there can also be reverse DNS issues to be aware of. With these things in mind, there are definitely some things to consider before joining your Mac to a Windows domain.
Some may wonder what benefits joining a Mac to a Windows domain would bring. It mostly helps with accessing files on your Windows server without authenticating every time. It also helps with user account management and alleviates the need to have separate user accounts on the local Mac computer and on the Windows domain.
In my opinion, if you have a mobile Mac user with a laptop you probably wouldn't join it to your domain, but would instead authenticate when needed. If you have Mac desktop computers and multiple users logging into them and using them daily, joining them to the domain is probably a better solution. Overall it's up to you how you want to configure it but hopefully this gives you a good baseline to start with.
What other benefits can you think of for joining a Mac to a Windows domain? What other solutions are there for Windows organizations that use Macs?

source : https://www.pluralsight.com/blog/tutorials/join-mac-to-windows-domain

Monday, 16 May 2016

Mac OS X Printing via the Windows Print Server

Introduction
With the number of Macs growing, especially in the academic and consumer fields, the need to support them has become a must-have for many existing Windows environments.
The question becomes, "How does the competent Windows IT professional open up their print server to their Mac clients?"

Methods Available:
There are several methods of allowing Mac OS X clients to use your networked printers. Below is a summary of each method and a brief list of its pros and cons.

Printing Via LPD (Line Printer Daemon) - (Preferred):
This is the easiest to install, and often the most reliable, method of printing from Mac OS X to a printer queue installed on a Windows Server.
Primary Advantages / Disadvantages:
  • Job is submitted within Windows as the logged-in user. This is especially useful when using Active Directory services for Mac.
  • Full document title information, as set by the printing application, is received by the server.
  • Does not encounter common Kerberos authentication issues, such as the popular NT_STATUS_ACCESS_DENIED error that appears for no apparent reason.
  • Uses a separate port (515) from Windows File and Print Sharing (445). This allows for advanced security options via the Windows firewall, to help fine-tune which systems or subnets can print via your server's LPD printers.
  • Requires installation of the Line Printer Daemon printing services, also known as Print Services for Unix, on your Windows print servers.
  • Not all Macintosh printer drivers support this method of printing.

Printing Via Windows Print Sharing - (Popular):
This option has become very popular, especially in the more recent releases of Mac OS X (Leopard, Snow Leopard and Lion). In many environments this option can seamlessly integrate printing with a few clicks and no additional configuration on your print server.
Primary Advantages / Disadvantages:
  • Job is often submitted as the user who installed the printer, rather than the user logged in. (See more details in the “Install a Printer via Windows Print Sharing” section.)
  • Full document title information is not available on the print server. The queue will show "Remote Downlevel Document" in lieu of a usable title such as "A Good Presentation.pdf".
  • Connects to existing Windows shares and does not require additional server configuration if printers are already shared to Windows users.
  • Can be difficult to troubleshoot some authentication issues.
  • Supported by nearly all Mac printer drivers.

Printing Via Windows Print Services for Macintosh (using AppleTalk) - (Deprecated):
This legacy technology is no longer supported by Apple on their newer operating system releases. While it can still be found in use within older networks, it is considered retired and will not be covered within this article.

Direct Printing (Printing directly via the IP address of the printer) - (Last Resort):
This option should only be used as a last resort, as it makes any management or control of printing resources very difficult at best and should be avoided. Installing printers in this manner will not be covered in this article.
Disadvantages:
  • Little or no control or tracking of printer and associated printer costs.
  • Little or no security options for printing.
  • Typically supported by all Mac drivers.

Printing via LPD (Line Printer Daemon) - (Preferred):
This section covers setting up this service, and installing and using a printer on Mac OS X. The first step in allowing printing is to enable the LPD service within Windows. This varies slightly between operating systems. The steps below apply specifically to various server operating systems.

Configuring your Windows Server to provide LPD Printing Services (Windows 2000 / 2003 / XP):
1. Open Add/Remove Windows Components within Add/Remove Programs. Within this, locate Other Network File and Print Services.
2. Click on the [Details] button, check Print Services for Unix within the details, click OK, and then click [Next] to install these components.
3. Afterwards Windows will install this service. You may be prompted for your Windows installation media.

Configuring your Windows Server to provide LPD Printing Services (Windows 2008 / 2008 R2):
1. Run Server Manager and within Roles locate the Print and Document Services role.
2. Within that role, click Add Role Services. Here you can add the LPD Service.
3. Once the role has been installed, you are ready to install printers onto your workstations.

Configuring your Windows Server to provide LPD Printing Services (Windows Vista / 7):
1. Open Control Panel > Programs and Features. Within this dialog, click [Turn Windows Features on or off] on the left-hand side.
2. The Windows Features dialog will open. Locate Print and Document Services, enable the item named LPD Print Server, and then click [OK].

Installing the LPD printer on your Mac OS X systems:
The next step is to install the printer onto your Mac OS X system using the following steps.
1. Open Print & Fax within the System Preferences of your operating system.
2. Click the [+] button towards the bottom right to install your first printer. The add printer dialog will appear. From here click on the [IP] button at the top of the dialog and then choose Line Printer Daemon – LPD within the Protocol drop-down list.
3. Once selected, a variety of fields need to be filled in to reference your printer on your print server. The below should guide you to each one.
4. Once all is configured, clicking Add should finalize the installation of the printer.

Printing Via Windows Sharing - (Popular):
The next step is to install the printer onto your Mac OS X system using the following steps.

Installing a Printer via Windows Printer Sharing:
1. Open Print & Fax within the System Preferences of your operating system.
2. Click the [+] button towards the bottom right to install your first printer. The add printer dialog will appear. From here click on the [Windows] button.
3. After clicking the [Windows] button, the browse dialog may appear black for several minutes. The system is actually busy locating the available Windows networks, but gives no indication of this.
4. Once the networks have loaded, you can click each network to list the servers within the network. Clicking on a server will attempt to load the printer shares on that server. Again, each click of a network or server may take several minutes to load without any indication that it is busy.
5. Depending on whether you are authenticated, you may next be prompted for a username and password to view the shares on the server. You will need to enter your domain credentials.
6. After this you will see the list of shared printers.
7. The printer will now be installed and usable.

Securing and Restricting Mac OS X Printing
A common issue that comes up when using either of these forms of printing is ensuring the user printing from the Mac is the correct user, so their printing can be managed and tracked properly. Consider these two scenarios.

Situation A: Using LPR Printing, without Active Directory Login Services enabled on Mac
In this case, the user logged in may not exist in Active Directory and may be a local user that does not reference or match any AD user printing account for quotas and restrictions.

Situation B: Using Printing Via Windows Shares, but a user has saved their password
In this case, all print jobs are sent as the first user who happened to click Save my password. In a print tracking scenario, this would show a false statistic regarding who is actually printing each job.
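
Situation A as the print server sees it, shown as an added example that is not part of the original article: under LPD (RFC 1179) the job owner and title arrive in a control file written by the client (its P, J and N lines), so a queue audit can flag owners that have no matching directory account. The sample control files, the host names other than hq.test.us, the user names and the KNOWN_AD_USERS set are constructed assumptions.

```python
# Added example: audit of RFC 1179 (LPD) control files. The sample jobs and
# the account set below are constructed for illustration.

# Control-file commands that carry attribution data (RFC 1179, section 7).
FIELDS = {"H": "host", "P": "user", "J": "job_name", "N": "source_name"}

# Constructed stand-in for the directory's account names (lower-cased).
KNOWN_AD_USERS = {"jsmith", "adavis"}

# Constructed job from a Mac bound to hq.test.us with an AD user logged in.
JOB_DOMAIN_USER = (
    b"Hmac.hq.test.us\nPjsmith\nJA Good Presentation.pdf\n"
    b"ldfA001mac.hq.test.us\nUdfA001mac.hq.test.us\n"
    b"NA Good Presentation.pdf\n"
)
# Constructed job from an unbound Mac: the owner is a local account.
JOB_LOCAL_USER = (
    b"Hdesign-imac.local\nPdesigner\n"
    b"ldfA002design-imac.local\nUdfA002design-imac.local\nNflyer.indd\n"
)
# Constructed job whose control file has no owner line at all.
JOB_NO_USER = b"Hmac.hq.test.us\nldfA003mac.hq.test.us\n"


def parse_control_file(data: bytes) -> dict:
    """Return the H/P/J/N operands of a control file.

    Each line is one command character followed by its operand. Commands
    outside FIELDS (l, f, U, ...) are skipped; the first occurrence wins.
    """
    job = {}
    for raw in data.split(b"\n"):
        if not raw:
            continue
        name = FIELDS.get(chr(raw[0]))
        if name and name not in job:
            job[name] = raw[1:].decode("utf-8", "replace").strip()
    return job


def audit_job(data: bytes, known_users: set) -> dict:
    """Summarise who a job claims to be from and list attribution problems."""
    job = parse_control_file(data)
    user = job.get("user", "")
    findings = []
    if not user:
        findings.append("no P (user) line: job cannot be attributed")
    elif user.lower() not in known_users:
        findings.append(f"owner '{user}' has no matching directory account")
    return {
        "host": job.get("host"),
        "user": user or None,
        # J is the job title; fall back to the source file name (N).
        "title": job.get("job_name") or job.get("source_name"),
        "findings": findings,
    }


if __name__ == "__main__":
    for sample in (JOB_DOMAIN_USER, JOB_LOCAL_USER, JOB_NO_USER):
        print(audit_job(sample, KNOWN_AD_USERS))
```
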

The Solution:
The solution to these issues is Print Manager Plus with the Client Billing & Authentication add-on option. This add-on option requires explicit authentication on each print job by interacting with the Authentication Module running on each Mac.
This will provide the following functionality, on top of all of the tracking and control functionality included with Print Manager Plus.
  • All jobs will be tracked under the user actually printing it
  • Prevents unauthorized printing
  • Allows quota and restrictions by Active Directory user, group and OU to extend to Mac users
  • Can require users to verify each job before it prints to ensure they need it

Obtaining Mac Drivers
This final section includes some tips for obtaining Mac versions of drivers for the various models of printers that exist. Below are the three most common means of finding and selecting a driver.

Source A: The Print Manufacturer - (Preferred)
The most popular source of drivers is through your printer manufacturer's website. Most modern printers are well supported under Intel-based Mac OS X 10.5 and later systems.  Browsing their support.
Known Issues:
  • In rare situations, a manufacturer will not provide any Mac drivers for their device.
  • In rare situations, the driver they provide may not support the LPD method of printing described above.

Source B: Third Party Drivers such as Gutenprint - (Alternative)
If you are having trouble obtaining drivers for your printer, or are having trouble getting them to work via the LPD print server, you may want to consider third-party drivers. Gutenprint, also known as Gimp-Print, is an open source community project designed to provide fully functional drivers for a large variety of print devices.
Known Issues:
  • The list is vast, but does not support all printers.
  • May not provide all of the advanced printing options your device is capable of.

Source C: Generic Drivers - (Alternative)
The final option is to use generic drivers using either the PostScript (PS) printing language or the Print Control Language (PCL). These are available directly when installing the printer.
Known Issues:
  • Requires a device that supports native PostScript or PCL printer commands.
  • Provides a limited set of basic printer features only. Will not support any advanced features your device may support.



Source: http://www.printmanager.com/cms.php?aid=75&fullpage=1&support=8
