For some reason a simple guide on how to do this doesn’t exist on the internet. I’ve been using a Mac for years now, in a profession that largely scoffs at such an idea. However, there are times when it comes in handy to be familiar with the dark side. There are end-users that use Macs too and employers who want them to be managed appropriately. I learned the hard way how not to do this (in retrospect I’m not sure why I felt the need to put our executive’s MacBook on the domain), but allow me to help you learn from my pain.

So let’s get to it. Open the System Preferences “app” and go to the Users & Groups section

Select “login options” and then tap the padlock at the bottom of the screen. You’ll need to type in your password to proceed.

From here click on the join button and IP address of the domain controller that you want to join with. It will then bring down a screen asking you to give your machine name and credentials for the domain admin. Note that the limit for characters of machine names on Windows is 15.

After you type in the domain admin creds and then type in your local admin password again…congrats, you’re joined to the domain! But we’re not done yet. There’s still one more thing you want to do so that you don’t get a call at 8pm from the user saying that they can’t log in. Click on edit at the bottom of the window once you get back to the main Users & Groups screen.

Tap the padlock again, type your password, click on Active Directory and then the little pencil at the bottom of the screen.

Expand the page to “show options” and click the “create mobile account at login” checkbox and uncheck “require confirmation before a creating mobile account.”

Okay you’re actually done now. If you have any recommendations that have made this experience better for your team, feel free to add them to the comments section.