This is an oldie but a goodie..
I’ve found in various environments that if you’ve got AD Mobile Accounts setup on a mac that has an Airport Card as is not connected to the Office LAN logins can take upto 10 minutes.
In all of these environments, the AD Domain was not resolvable outside the LAN.
There are three solutions for this:
- Allow one of your domain controllers & DNS servers to be accessible across from the cloud.
- Have an External DNS entry created for the AD Domain Name.
- Turn off the Airport card at logout.
The 2nd option only really works with Domain Names like mycompany.com, as you’ll have a website with a DNS name of http://mycompany.com. (Also, if you have this already in place you’ll not have the issue). But it’s not possible in all circumstances.
The 3rd option is the easiest to test & is the only real option in any environment with strict compliance polices.
We perform the 2nd option by running the below at via the JSS as a policy that’s triggered at “logout,” is also ran offline & is scoped to all Macs with an Wireless card, steps for creating an extension attribute for this can be found here.