Help

AD Binding

Luket
New Contributor

Posted on ‎05-24-2016 05:10 PM

Hey All,

In our environment we are running the following

JSS 9.91
OS X 10.11.4
Shared use Macs

Currently we are experiencing some difficulties with our domain joined macbook pros logging in. The symptoms are as follows:

1: Students often open up their laptops to find the login screen with a red dot next to the username field saying "Network accounts are unavailable"
2: It can take up to 1 minute after starting up to allow anyone to log in. trying to login during this time results in a "headshake"
3: Occasionally we find macs that can't login at all and just sit at the login screen with the red dot. we seem to only be able to fix this by logging into the local admin and rebinding to AD. it can sometimes be fixed by restarting the Mac.
4. log in times range from about 45 seconds up to 2 minutes (is this normal?) We only have 1 policy running at login and removing this doesn't greatly improve login time. on average 10 seconds improvement.

Has anyone got any advice? Thanks

0 Kudos
1 REPLY 1

prbsparx
Contributor II

Posted on ‎05-24-2016 06:32 PM

I'd recommend taking a look at the following:
1) Macs slow to connect to network - typically caused by more advanced switches that have a delay before it allows communication (some Cisco switches will delay a connection for up to 10 seconds to check if the other end is a switch or client device)
2) DNS - "it's always DNS" - Check out Apple's document on confirming good AD DNS: https://support.apple.com/en-us/HT201885
3) Rather than rebinding, see if just running sudo dscacheutil -flushcache fixes the issue.

For the long login times, are the user accounts auto-mounting any network shares?

0 Kudos