This article is intended for system administrators. If you are experiencing an issue with your Active Directory account on your Mac, contact the system administrator for your business or school.
Identify Active Directory servers
The DNS system that hosts Active Directory must be complete, correct, and consistent. To identify which Active Directory servers provide the required services, use the following Terminal commands to query DNS records. Replace example.com with the domain name for your Active Directory.
dns-sd -q _ldap._tcp.example.com SRV
dns-sd -q _kerberos._tcp.example.com SRV
dns-sd -q _kpasswd._tcp.example.com SRV
dns-sd -q _gc._tcp.example.com SRV
After you receive the results, press Control-C on your keyboard to exit the query.
View example outputs
Successful lookups return one or more results in the Rdata column of the output, similar to this:
macosclient$ dns-sd -q _ldap._tcp.example.com srv DATE: ---Wed 12 Sep 2018--- 10:14:56.212 ...STARTING... Timestamp A/R Flags if Name Type Class Rdata 10:14:56.213 Add 3 0 _ldap._tcp.example.com. SRV IN 0 100 389 dc1.example.com. 10:14:56.214 Add 2 0 _ldap._tcp.example.com. SRV IN 0 100 389 dc5.example.com.
Verify the results
Verify that the results from the previous commands resolve to an IP address.
Use the following command and replace dc1.example.com with the fully qualified domain name returned in the Rdata column of the previous commands.
dns-sd -q dc1.example.com
Your result should look similiar to this:
macosclient$ dns-sd -q dc1.example.com DATE: ---Wed 12 Sep 2018--- 10:23:22.866 ...STARTING... Timestamp A/R Flags if Name Type Class Rdata 10:23:22.867 Add 2 0 dc1.example.com. Addr IN 10.0.100.1
Verify that the results for each service record type correctly maps to an IP address.