
Mac OS X: Configuring Access to an Active Directory Domain

December 2, 2013

Server Admin 10.6 Help

Using the Active Directory connector listed in Directory Utility, you can configure Mac OS X to access basic user account
information in an Active Directory domain on a Windows server.

The Active Directory connector generates all attributes required for Mac OS X authentication. No changes to the Active Directory
schema are required.

The Active Directory connector detects and accesses standard Mac OS X record types and attributes (such as the attributes
required for Mac OS X client management), if the Active Directory schema has been extended to include them.

WARNING: With the advanced options of the Active Directory connector, you can map the Mac OS X unique user ID (UID), primary
group ID (GID), and group GID attributes to the correct attributes that have been added to the Active Directory schema. If you
change the setting of these mapping options later, users might lose access to previously created files.

Important: If your computer name contains a hyphen, you might not be able to join or bind to a directory domain such as LDAP or
Active Directory. To establish binding, use a computer name that does not contain a hyphen.
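
The warning above is about numeric IDs: files are owned by a UID and GID, so a changed mapping leaves old files owned by an ID the user no longer has. The following shell functions are an added example, not part of the Apple help text, that record ownership before a mapping change and count what is left behind afterwards; the function names, the recorded-UID workflow, and the sample values `jdoe` and `501` are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the Apple help page): audit numeric file ownership
# before and after changing the Active Directory UID/GID mapping options.
# Function names and the "recorded UID" workflow are assumptions.
# Constructed usage:  ownership_tally /Users > baseline.txt
#                     stranded_count /Users/jdoe jdoe 501

# count_owned DIR UID: number of entries under DIR owned by numeric UID.
count_owned() {
    find "$1" -xdev -user "$2" 2>/dev/null | wc -l | tr -d ' '
}

# ownership_tally DIR: one "uid:gid count" line per owner pair under DIR.
# Run it before the change and keep the output as the baseline.
ownership_tally() {
    find "$1" -xdev -exec ls -ldn {} + 2>/dev/null |
        awk '{ n[$3 ":" $4]++ } END { for (k in n) print k, n[k] }' | sort
}

# mapping_drift USER RECORDED_UID: compare the UID recorded before the change
# with the UID the system resolves for USER now.
# Returns 0 = unchanged, 1 = changed, 2 = USER cannot be resolved.
mapping_drift() {
    current=$(id -u "$1" 2>/dev/null) || return 2
    [ "$current" = "$2" ] && return 0
    echo "$1: recorded UID $2, now resolves to UID $current"
    return 1
}

# stranded_count DIR USER RECORDED_UID: entries still owned by the old UID
# that USER no longer owns after a mapping change (0 when nothing changed).
stranded_count() {
    rc=0
    mapping_drift "$2" "$3" >/dev/null || rc=$?
    case $rc in
        0) echo 0 ;;
        1) count_owned "$1" "$3" ;;
        *) return 2 ;;
    esac
}
```

A non-zero result from `stranded_count` identifies files that need their ownership corrected, or the mapping reverted, before the user can reach them again.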

To configure access to an Active Directory domain:

  1. Open System Preferences and click Accounts.

  2. If the lock icon is locked, unlock it by clicking it and entering the name and password of an administrator.

  3. Click Login Options, then click Join or Edit.

  4. Click Open Directory Utility.

  5. If the lock icon is locked, unlock it by clicking it and entering the name and password of an administrator.

  6. Click Services.

  7. In the list of services, select Active Directory and click the Edit (/) button.

  8. Enter the DNS name of the Active Directory domain you want to bind to the computer you’re configuring.

    The administrator of the Active Directory domain can tell you the DNS name to enter.

  9. If necessary, edit the Computer ID.

    The Computer ID is the name the computer is known by in the Active Directory domain, and it’s preset to the name of the
    computer. You might change this to conform to your organization’s established scheme for naming computers in the Active
    Directory domain. If you’re not sure, ask the Active Directory domain administrator.

  10. (Optional) Set advanced options.

    If the advanced options are hidden, click Show Advanced Options and set options in the User Experience, Mappings, and
    Administrative panes. You can also change advanced option settings later.

    For more information about advanced options, see:

  11. Click Bind, use the following to authenticate as a user who has rights to bind a computer to the Active Directory domain,
    select the search policies you want Active Directory added to (see below), and click OK:

    • Username and Password:
      You might be able to authenticate by entering the name and password of your Active Directory user account, or the
      Active Directory domain administrator might need to provide a name and password.

    • Computer OU:
      Enter the organizational unit (OU) for the computer you’re configuring.

    • Use for authentication:
      Use to determine whether Active Directory is added to the computer’s authentication search policy.

    • Use for contacts:
      Use to determine whether Active Directory is added to the computer’s contacts search policy.

    When you click OK, Directory Utility sets up trusted binding between the computer you’re configuring and the Active
    Directory server. The computer’s search policies are set according to the options you selected when you authenticated,
    and Active Directory is enabled in Directory Utility’s Services pane.

    With the default settings for Active Directory advanced options, the Active Directory forest is added to the computer’s
    authentication search policy and contacts search policy if you selected “Use for authentication” or “Use for contacts.”

    However, if you deselect “Allow authentication from any domain in the forest” in the Administrative advanced options pane
    before clicking Bind, the nearest Active Directory domain is added instead of the forest.

    You can change search policies later by adding or removing the Active Directory forest or individual domains. For more
    information, see Defining Custom Search Policies.

  12. (Optional) Join the server to the Active Directory Kerberos realm:

    • On the server or an administrator computer that can connect to the server, open Server Admin and select Open Directory for
      the server.

    • Click Settings, then click General.

    • Click Join Kerberos, then choose the Active Directory Kerberos realm from the pop-up menu and enter credentials for a local
      administrator on this server.

For more information, see Joining a Server to a Kerberos Realm.
