If you're unable to bind to a Windows domain using a single part name

Kerberos does not perform a DNS SRV record request for a single part name. Add a period (.) to your domain name to resolve this issue.

This article has been archived and is no longer updated by Apple.

If you're unable to bind your Mac to an Active Directory domain using a single part name, you need to fully qualify the server's domain name. 

When using the steps below, substitute your domain name where you see 'w2003' used as an example.

Users & Groups preferences

Use these steps to update your domain name from Users & Groups preferences.

  1. Open System Preferences
  2. Click Users & Groups.
  3. Click Login Options.
  4. Click the lock icon, then enter your administrator name and password to authenticate.
  5. Click Join.
  6. Enter the domain name with the period appended (like 'w2003.') into the Server field.
  7. In the authentication field that appears, fill in the appropriate values, then click OK.

Directory Utility

Use these steps to update your domain name from Directory Utility.

  1. Click the lock button to authenticate.
  2. Double click Active Directory.
  3. Enter the domain with the period appended (like 'w2003.').
  4. Click the Bind button.
  5. On the next panel, the Computer OU for where to put the computer record will be incorrect.  It should look similar to this:

    "CN=Computers,DC=w2003,dc="

  6.  Remove ",dc=" from the end of the entry so that Computer OU is similar to "CN=Computers,DC=w2003" then click OK.

Command Line

Use these steps to modify the part name from the command line. For example, this Terminal command adds a period character to a domain named w2003:

sudo dsconfigad -add 'w2003.' -username <user> -password <password>

After you modify your part name, bind your server or client to the domain again by using these steps.

Published Date: