Introduction

Active Directory (AD) uses DNS to locate other Domain Controllers (DC) and services, like Kerberos. Thus, AD domain members and servers must be able to resolve the AD DNS zones.

The following describes how to configure a macOS client manually to use DNS servers. If using DHCP, then configure the DHCP server instead.

Configure System Preferences

• Open System Preferences, then click on Network.

macOS security settings may require clicking on the padlock in the bottom left of the window and entering a local administrator account's credentials, before being able to make changes.

• In the left pane, choose the network adapter that is connected to the network running the Active Directory (AD) (Wi-Fi, Ethernet, etc.), then click on the Advanced… button.

• Click on the DNS tab.

• In the DNS Servers: pane:

• Remove any existing addresses, by clicking on it and then clicking the minus button.
• Add your DNS server by clicking on the plus button and entering the IP address.

• In the Search Domain: pane:

• Remove any existing Search Domains
• Add your Search Domain by clicking on the plus button and entering it, for example samdom.example.com.

• When finished editing, click OK, then Apply.

If your security settings initially required you to click on the padlock, click on it again to lock the preferences.

• Close System Preferences.

Testing DNS Resolution

To test the DNS configuration, the nslookup command can be used with the Terminal app on macOS. The instructions on the page Testing the DNS Name Resolution work on macOS.