To integrate with Active Directory, macOS clients must be able to find and identify Domain Controllers, Kerberos servers, and Global Catalog servers via DNS.

This article is intended for system administrators. If you are experiencing an issue with your Active Directory account on your Mac, contact the system administrator for your business or school.

Identify Active Directory servers

The DNS system that hosts Active Directory must be complete, correct, and consistent. To identify which Active Directory servers provide the required services, use the following Terminal commands to query DNS records. Replace with the domain name for your Active Directory.

dns-sd -q SRV dns-sd -q SRV dns-sd -q SRV dns-sd -q SRV

After you receive the results, press Control-C on your keyboard to exit the query.

View example outputs

Successful lookups return one or more results in the Rdata column of the output, similar to this:

macosclient$ dns-sd -q srv DATE: ---Wed 12 Sep 2018--- 10:14:56.212 ...STARTING... Timestamp A/R Flags if Name Type Class Rdata 10:14:56.213 Add 3 0 SRV IN 0 100 389 10:14:56.214 Add 2 0 SRV IN 0 100 389

Verify the results

Verify that the results from the previous commands resolve to an IP address.

Use the following command and replace with the fully qualified domain name returned in the Rdata column of the previous commands.

dns-sd -q

Your result should look similiar to this:

macosclient$ dns-sd -q DATE: ---Wed 12 Sep 2018--- 10:23:22.866 ...STARTING... Timestamp A/R Flags if Name Type Class Rdata 10:23:22.867 Add 2 0 Addr IN

Verify that the results for each service record type correctly maps to an IP address.

Learn more

Troubleshoot DNS issues related to Active Directory.

