Joining an Amazon EC2 Mac instance to your AWS Managed Microsoft AD Active Directory
This procedure manually joins an Amazon EC2 Mac instance to your AWS Managed Microsoft AD Active Directory.
Prerequisites
-
Amazon EC2 Mac instances require Amazon EC2 Dedicated Hosts. You must allocate a dedicated host and launch an instance onto the host. For more information, see Launch a Mac instance in Amazon EC2 User Guide.
-
We recommend creating a DHCP options set for your AWS Managed Microsoft AD Active Directory. This points the instances in your Amazon VPC at the directory's domain name and DNS servers so they can resolve it; without working DNS resolution for the domain, the Mac instance cannot locate a domain controller and the bind fails. See Creating or changing a DHCP options set for AWS Managed Microsoft AD for more information.
Note
Dedicated Host pricing varies by the payment option that you select. For more information, see Pricing and Billing in Amazon EC2 User Guide.
Manually joining a Mac instance
-
Use the following SSH command to connect to your Mac instance. For more information about connecting to your Mac instance, see Connect to your Mac instance.
ssh -i /path/key-pair-name.pem ec2-user@my-instance-public-dns-name
-
After you connect to your Mac instance, create a password for the ec2-user account using the following command:
sudo passwd ec2-user
-
When prompted at the command line, provide a password for the ec2-user account. You can update your operating system and software by following the procedure in Update the operating system and software in Amazon EC2 User Guide.
-
Use the following dsconfigad command to join your Mac instance to the AWS Managed Microsoft AD Active Directory domain. Replace the domain name, computer name, user name, and organizational unit with your AWS Managed Microsoft AD Active Directory domain information. The user must be allowed to join computers to the delegated OU (for example, the directory's Admin account). If you omit -password, dsconfigad prompts for the user's password; prefer this to passing the password on the command line, where it would be recorded in shell history and visible in process listings. For more information, see Configuring domain access in Directory Utility on Mac on the Apple website.
Warning
The computer name shouldn't contain a hyphen. Hyphens might prevent the bind to the AWS Managed Microsoft AD Active Directory.
sudo dsconfigad -add domainName -computer computerName -username Username -ou "Your-AWS-Delegated-Organizational-Unit"
The following example is what the command should look like when the user admin joins a Mac instance named myec2mac01 to the example.com domain:
sudo dsconfigad -add example.com -computer myec2mac01 -username admin -ou "OU=Computers,OU=Example,DC=Example,DC=com"
-
Use the following command to grant the AWS Delegated Administrators group administrator rights on your Mac instance. Replace EXAMPLE with your directory's NetBIOS name. Every member of this group becomes a local administrator on the instance, so keep its membership limited to the people who need it:
sudo dsconfigad -groups "EXAMPLE\aws delegated administrators"
-
Use the following command to confirm the AWS Managed Microsoft AD Active Directory domain join was successful:
dsconfigad -show
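The script below is an added example, not code from the AWS documentation or from AWS, that wraps the manual steps above in a single shell script: it rejects computer names that can break the bind (hyphens, more than 15 characters), renders the exact dsconfigad command for review before running it, performs the bind and the -groups grant, and then checks the dsconfigad -show output to confirm the instance landed in the expected domain with the expected admin group. The domain example.com, NetBIOS name EXAMPLE, computer name myec2mac01, user admin and the OU path are placeholder assumptions taken from the example above; the dsconfigad -show sample embedded in the script is constructed, not captured from a real instance, so the checks can be exercised offline.

```shell
#!/bin/bash
# Added example (not AWS documentation code): wraps the manual dsconfigad
# steps with the checks a practitioner wants before and after the bind.
# Every name below is a placeholder assumption; override via environment.
set -eu

DOMAIN="${DOMAIN:-example.com}"        # AD DNS domain name (assumed)
NETBIOS="${NETBIOS:-EXAMPLE}"          # directory NetBIOS name (assumed)
COMPUTER="${COMPUTER:-myec2mac01}"     # computer account name; no hyphens
JOIN_USER="${JOIN_USER:-admin}"        # account allowed to join computers to the OU
OU="${OU:-OU=Computers,OU=Example,DC=Example,DC=com}"   # delegated OU (assumed)
ADMIN_GROUP="${NETBIOS}\\aws delegated administrators"  # gets local admin rights

# Reject names that can break the bind: the page warns about hyphens, and
# AD computer (NetBIOS) names are at most 15 characters. Only letters and
# digits pass, which excludes hyphens and all other punctuation.
valid_computer_name() {
  name="$1"
  case "$name" in
    ''|*[!A-Za-z0-9]*) return 1 ;;
  esac
  [ "${#name}" -le 15 ]
}

# Render the exact bind command so it can be reviewed or logged before it
# runs. -password is intentionally omitted: dsconfigad then prompts for it,
# keeping the password out of shell history and process listings.
join_command() {
  printf 'sudo dsconfigad -add %s -computer %s -username %s -ou "%s"' \
    "$DOMAIN" "$COMPUTER" "$JOIN_USER" "$OU"
}

# Post-join checks against `dsconfigad -show` output passed in as a string.
bound_to_domain() {
  printf '%s\n' "$1" | grep -i '^ *Active Directory Domain *=' \
    | grep -qi "= *${DOMAIN}\$"
}
# Match on the group name only; the NetBIOS prefix contains a backslash,
# which is awkward in a regex.
admin_group_applied() {
  printf '%s\n' "$1" | grep -qi '^ *Allowed admin groups *=.*aws delegated administrators'
}

# Constructed sample of `dsconfigad -show` output (not captured from a real
# instance) so the checks above can be exercised offline.
SAMPLE_SHOW='You are bound to Active Directory:
  Active Directory Forest          = example.com
  Active Directory Domain          = example.com
  Computer Account                 = myec2mac01$

Advanced Options - Administrative
  Allowed admin groups             = EXAMPLE\aws delegated administrators'

# The real join: validate, bind, grant the admin group, then verify.
main() {
  if ! valid_computer_name "$COMPUTER"; then
    echo "refusing to bind: '$COMPUTER' must be 1-15 letters or digits, no hyphens" >&2
    return 1
  fi
  echo "Running: $(join_command)"
  sudo dsconfigad -add "$DOMAIN" -computer "$COMPUTER" -username "$JOIN_USER" -ou "$OU"
  sudo dsconfigad -groups "$ADMIN_GROUP"
  show="$(dsconfigad -show)"
  bound_to_domain "$show" || { echo "bind check failed: not in $DOMAIN" >&2; return 1; }
  admin_group_applied "$show" || { echo "admin group not applied" >&2; return 1; }
  echo "$COMPUTER joined $DOMAIN; $ADMIN_GROUP has local admin"
}

# Only perform the join when invoked as: ./join-mac.sh join
if [ "${1:-}" = "join" ]; then
  main
fi
```

Run it on the instance as `./join-mac.sh join` after setting DOMAIN, NETBIOS, COMPUTER, JOIN_USER and OU for your directory; dsconfigad prompts for the join user's password. Sourcing the file without the `join` argument only defines the checks, which is convenient for testing the name validation and the -show parsing on a workstation that has no dsconfigad.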
You have successfully joined your Mac instance to your AWS Managed Microsoft AD Active Directory. You can now log in to your Mac instance using your AWS Managed Microsoft AD Active Directory credentials.
When you first log in to your Mac instance, you should be offered the option to log in as the "Other" user. At this point, you can use your Active Directory domain credentials to log in to the Mac instance. If "Other" does not appear on the login screen after completing these steps, log in as ec2-user and then log out.
To log in using the graphical user interface with a domain user, follow the steps in Connect to your instance's graphical user interface (GUI) in Amazon EC2 User Guide.