How do I reset OS X Network and Active Directory Settings for macOS 10.13 and below

MiWorkspace Mac: How to reset OS X Network and Active Directory Settings


Objective

Restore an Apple operating system to usable functionality by resetting a Mac's network settings and rejoining it to Izzy and Active Directory. This is a new method that covers both old Macs and Macs with the T2 chip. macOS systems above 10.13 are no longer joined to Active Directory.

Environment

MiWorkspace Mac system that no new users can log into; system rejects M-1 accounts, etc.

The Service Center should triage this issue to Neighborhood IT.

Procedure

  1. Plug a network cable into the Mac, either directly or using an adapter. Leave it plugged in until after step 8.
  2. Press the power button to start the Mac.
  3. Immediately press and hold Option-Command-r. This will boot into Internet Recovery mode. (NOTE: Some T2 laptops will not always successfully boot into Internet Recovery with the Belkin USB-C adapters, so we recommend using a Thunderbolt Ethernet → Thunderbolt-to-USB-C adapter daisy chain.) If you can't boot into Internet Recovery for any reason, a "Command-r" boot should work as well.
  4. If the computer is a laptop with an encrypted hard disk, open "Disk Utility" at the "macOS Utilities" screen. Select the greyed-out Internal hard disk, click the "Mount" icon and enter a Disk Password/Recovery Key/User account password to unlock the disk. When the Internal hard disk is mounted, quit Disk Utility.
  5. Go to the "Utilities" menu and select "Terminal".    At the prompt, run this command (NOTE THE SPACES AFTER "chroot" and BEFORE and AFTER "HD"):
    1. /usr/sbin/chroot /Volumes/Macintosh\ HD /usr/local/izzy/reset-active-directory 
  6. Verify that time and date are correct as shown.  Correct if needed.  Instructions are provided on the screen.    (NOTE:  If the hard disk is not named "Macintosh HD", you'll get a prompt about a different set of instructions reflecting that different name.)
  7. Type reboot
  8. The Mac will now boot and run Managed Software Center to perform the following:
    1. Reset the network adapters
    2. Join the Mac to Active Directory
  9. Log in at the prompt once Managed Software Center is finished to verify that login and network are functioning again.
  10. Resetting Active Directory scripts will remove the UMich VPN. Restore it using the steps in "How do I repair a corrupt or damaged VPN installation on a Mac (bad shared secret, failure to connect)", then add the user's credentials back to the VPN.

Additional Notes

This resets a Mac's network settings and rejoins it to Izzy / Active Directory so that updates can be applied and users can log in on systems that have fallen off the network or will not boot.

How to manually check if Active Directory is Online

Open a Terminal window and enter

odutil show nodenames | egrep 'Name|-|Active Directory'

The output should tell you if the computer is bound (Online) or unbound (Offline) from Active Directory. If the output reports Offline proceed with the commands below. If the output reports Online, it is possible there is another issue, such as computer network connectivity or a problem with the user account and password.
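
For triage across several machines, the Online/Offline check above can be scripted. The following is an added example, not part of the original article and not the follow-up commands it refers to; the function name ad_state, the "absent" result, the sample domain EXAMPLE and the column layout of the constructed sample output are assumptions.

```shell
#!/bin/sh
# Added example: classify Active Directory state from the output of
# `odutil show nodenames`, read on stdin so the logic can be tested
# away from the Mac. Prints one word: online | offline | absent.
ad_state() {
    awk '
        # Node names contain spaces ("/Active Directory/..."), so the
        # state is taken from the last whitespace-separated field.
        /\/Active Directory/ {
            seen = 1
            if ($NF != "Online") bad = 1
        }
        END {
            if (!seen)    print "absent"    # no Active Directory node listed
            else if (bad) print "offline"   # at least one AD node not Online
            else          print "online"
        }
    '
}

# Constructed sample output (layout assumed; EXAMPLE is a placeholder domain).
sample_online() {
cat <<'EOF'
Published nodes:
    Name                                      State
    ----------------------------------------  -------
    /Active Directory/EXAMPLE                 Online
    /Active Directory/EXAMPLE/All Domains     Online
    /Local/Default                            Online
    /Search                                   Online
EOF
}
sample_offline() { sample_online | sed '/Active Directory/s/Online$/Offline/'; }
sample_absent()  { sample_online | grep -v 'Active Directory'; }

# On a Mac, classify the live output; elsewhere, show the sample result.
if command -v odutil >/dev/null 2>&1; then
    odutil show nodenames | ad_state
else
    sample_online | ad_state
fi
```

A result of "offline" or "absent" corresponds to the unbound case described above; "online" points to a different cause such as connectivity or the user account.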