The Problem

If the things listed below more or less describe your present situation, then this article is for you:

1. You’re primarily a Windows shop and your users login to their workstations using their Active Directory domain accounts.
2. You’ve got a wireless network that utilizes WPA/WPA2 Enterprise encryption.
3. You’ve got one (or thirty) brand new MacBooks staring back at you that need to be configured for classroom use.
4. You’ve successfully connected to a wireless network and joined the MacBook/s to your domain using a local admin account on the MacBook.
5. After doing the things listed above and logging out of the local account you are presented with the soul-crushing message shown below and are unable to login to your MacBook using an Active Directory account.

The Solution

I don’t want to complain about how much time I spent scouring the web for an easy to follow, well-documented process for this; so I won’t. Needless to say, such a thing does did not exist. And, so, I hope you find this helpful.

I’m going to assume that if you’re trying to pull this off on more than just one machine, you’ve got the means necessary to clone your machine after performing these steps. If not, I’d suggest taking a look at Carbon Copy Cloner.

Install macOS Server & enable Profile Manager

1. Install macOS Server on your Apple computer of choice. The profile we’ll be creating (which will contain the configuration settings for your wireless network) can be installed on the same machine as your server, or deployed to other machines after the fact. In my situation, I installed macOS server on one of the MacBooks I was deploying.
2. Open macOS Server and follow the prompts to install it locally.
3. Follow the steps in the screenshots below.
4. Beneath Services, click Profile Manager
   
   
5. In the top-right corner of the Server window, click the slider to Profile Manager On.
   
6. You’ll be presented with a welcome screen of sorts. Click Next.
7. Provide the required info about your workplace. This way if a stranger accesses your server, they’ll know it belongs to you. Click Next.
   
8. Select the local certificate you’ve apparently just created, then click Next.
   
9. You must enable push notifications. Login using your Apple ID and password. Click Next.
   
10. Once the push certificate has been acquired, click Finish.
11. Click Change to allow your password to be stored (I think) on your server.
    

Build the wireless profile

1. Near the bottom of the window, click to open Profile Manager in your default browser.
   
2. Enter your local admin account’s username and password, then click Login.
   
3. Click Users, then click to select your local admin account.
   
4. Near the top, click Settings then click Edit.
   
5. Select the radio button to make this a Manual Download profile. Then, on the left, click Network. Click Configure.
   
6. Enter the appropriate information for your wireless network. Be sure to click the Use as a Login Window configuration checkbox as this is what will allow your machine to stay connected at the login screen.
   
   It’s also worth noting that if your network expects a trusted certificate, you’ll first need to add that certificate by clicking Certificates on the left before it’s accessible inside the Trust portion of the network configuration page.
7. Once everything looks right, click OK, then Save, then Download, then macOS. This will download a .mobileconfig file that, when opened, will add the wireless network to whichever machine you opened it on.
   

Reap

If everything went according to plan, you should now have a MacBook that automatically connects to your wireless network AND stays connected at the login screen! To test this theory make sure you’ve joined your MacBook to your domain. Then, ensure you’ve got Name and password selected as the value for Display login window as:. This value can be found inside of System Preferences –> Users & Groups –> Login Options.

Ok, all that’s left to do is logout of your local admin account and attempt to login with a domain account. You should see something like this:

Troubleshooting

If your MacBook is having trouble connecting to your network, double check the configuration you made in steps 5-6 above. Edit, save, and download as needed. If you hit any snags along the way, please don’t be a stranger. I’m far from an expert when it comes to all things Apple, but I’d like to help in any way I can. Leave a comment below or drop me a line.