When macOS is fully integrated with Active Directory, users are subject to the organization’s domain password policies.
macOS uses Kerberos for authentication and the Lightweight Directory Access Protocol (LDAPv3) for user and group resolution. It uses the Domain Name System (DNS) to query the topology of the Active Directory domain.
Note: macOS won’t be able to join an Active Directory domain without a domain functional level of at least Windows Server 2008, unless you explicitly enable “weak crypto.” Even if the domain functional levels of all domains are 2008 or later, the administrator may need to explicitly specify each domain trust to use Kerberos AES encryption.
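The per-trust AES requirement in the note above can be audited before binding Macs. The following is an added example, not code from the original page: it assumes the domain's trust objects have been exported as LDIF-style text carrying the `trustPartner` and `msDS-SupportedEncryptionTypes` attributes, and it runs on a constructed sample with made-up domain names.

```python
# Added example: flag AD trusts that do not advertise Kerberos AES.
# Bit values of the msDS-SupportedEncryptionTypes attribute.
ETYPES = {
    0x01: "DES-CBC-CRC",
    0x02: "DES-CBC-MD5",
    0x04: "RC4-HMAC",
    0x08: "AES128-CTS-HMAC-SHA1-96",
    0x10: "AES256-CTS-HMAC-SHA1-96",
}
AES_MASK = 0x08 | 0x10

# Constructed sample: LDIF-style records for trustedDomain objects.
SAMPLE_LDIF = """\
dn: CN=emea.example.com,CN=System,DC=example,DC=com
trustPartner: emea.example.com
msDS-SupportedEncryptionTypes: 24

dn: CN=legacy.example.com,CN=System,DC=example,DC=com
trustPartner: legacy.example.com
msDS-SupportedEncryptionTypes: 4

dn: CN=lab.example.com,CN=System,DC=example,DC=com
trustPartner: lab.example.com
"""

def parse_records(ldif):
    """Split LDIF-style text into one attribute dict per record."""
    records = []
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                attrs[key.strip().lower()] = value.strip()
        if attrs:
            records.append(attrs)
    return records

def decode_etypes(mask):
    """Names of the encryption types set in the bitmask, lowest bit first."""
    return [name for bit, name in sorted(ETYPES.items()) if mask & bit]

def audit_trusts(ldif):
    """Return (partner, etype names, aes_ok) for each trust record."""
    results = []
    for rec in parse_records(ldif):
        # Assumption: a missing attribute is treated as 0 (no AES advertised).
        mask = int(rec.get("msds-supportedencryptiontypes", "0"), 0)
        results.append((rec.get("trustpartner", "?"), decode_etypes(mask), bool(mask & AES_MASK)))
    return results
```

Trusts reported with `aes_ok` set to `False` are the ones an administrator would need to review for AES before relying on them from a Mac that has not enabled weak crypto.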