Our OS X Server machine has had no issue at all with being in the Windows AD domain right up until we updated it to OS X 10.10. Now it behaves bizarrely, refuses to connect to our Exchange mail server, and even rejects the DNS lookup for all of the other servers on the network.
I tried removing and re-adding the server to the domain, but I get:
"Unable to add server.
Authentication server could not be contacted (5200)"
Is there any way of finding out what the solution may be?
Best Answer
I had the same problem. We have Macs on El Capitan to High Sierra and Win 2012 R2 as the domain controller. After a lot of trial and error, I found out that the AD user has to belong to the "Account Operator" security group, even if the user is Domain Admin or Enterprise Admin. We found this out after a lot of struggle.
Hope this solution helps you.