20th June 2013, 04:13 PM #1
RE: Active Directory Authentication How To
I understand how to do what is required on the Mac to add a machine to AD, however upon asking the questions of what needs to be done server end (i.e. in AD to allow the machines to then be managed) I am told it is all very complicated - no answers, just can't be done that simply: 'I know what it takes to add a unix machine to AD and it's very complex' -
can someone confirm/explain that this is the case, or is it that the person telling me this doesn't know?
21st June 2013, 01:29 PM #2
Your post heading 'Active Directory Authentication How to' has nothing really to do with what you're really asking. Apple already provides a built-in tool (Active Directory plug-in in the Directory Utility application) for identifying, authenticating and authorizing users existing in an active directory database using their account credentials when logging into a non-Microsoft operating system.
And that's the key to beginning to answer your real question, which is about management of non-Microsoft operating system workstations using the global policy management console.
Microsoft's GPOs were only ever designed to be applicable to Microsoft operating systems. To begin to apply them to something else takes a major effort as well as a deep understanding of the core technologies involved. No offense intended but this level of expertise goes beyond what most school network administrators have. Besides, their salary may not begin to cover it either! Even if you've gone to the effort of altering your Active Directory schema (a schema is a set of rules that govern the behaviour of the database it's applicable for) to accommodate Mac OS X you'd have no guarantee the next Microsoft Service Pack or update won't undo the 3-5 days of work you've done. Of course if money is a problem then altering the schema is the 'cheapest' way of doing it.
In most people's opinion it's far better to incorporate and utilise an extremely cheap Server App (£13.99) that can be run on any current Mac hardware. Alternatively what most people go for is a MacMini Server. It has a small form factor, it's cheap and has the Server App included. The Open Directory schema (Apple's equivalent of AD) is much, much smaller and won't take up a lot of hard disk space. From there all that's required is the amount of time it takes to 'learn' the software and OS. You'd have to do half of this work anyway if you're considering deploying, or have already deployed, Apple hardware in your Windows network infrastructure.
If money is not an object some will consider using a 3rd-party helper application. This is installed on your Windows Servers and it acts as an 'overlay' for the more dominant and much larger Active Directory schema. The helper application takes the burden of mapping object classes and values from one schema to another out of your hands and does it all for you. Some of the most popular (and expensive) are Casper, Centrify and Likewise. There are others which you can google for yourself.
Your final question ' . . . is this the case or is the person telling me this doesn't know?'; I'd say the person has it about right.
Antonio Rocco (ACSA)
Last edited by AntonioRocco; 21st June 2013 at 01:31 PM.
21st June 2013, 01:46 PM #3
Simple AD Authentication with no management of applications or services should work straight out of the box using the Active Directory Utility, as Rocco points out.
For management of applications, services and controlling the end user's experience you really need to invest in a Mac server or Server App (as Rocco suggests) and have it work in what they call a magic triangle setup. This setup involves using Microsoft AD for authentication and Apple OD for management of the devices.
21st June 2013, 03:16 PM #4
Thanks to you both -
This is what I needed (am not offended at all) I wanted to attempt to understand what the 'very complex - obviously above my silly little head' was - not just go away you won't understand. Much appreciated. :-)
21st June 2013, 03:17 PM #5
Just want to thank Antonio for his help ref macs and AD !!
Hopefully not side tracking, clearly knows his stuff !!!
23rd June 2013, 12:58 AM #6
Just to add, I was in exactly your position this time last year but couldn't be happier with the results I got. I have my iMacs attached via AD and use a Mac mini server to manage them. Get yourself a Mac mini server and a copy of Apple Remote Desktop (from the App Store) and you'll wonder why you were ever worried. The first time I remotely installed software to all my iMacs I could have cried for joy at how well it went, and now I have upgraded my server to Mountain Lion, it has gotten even easier.
I don't like iMacs, I don't like the people who use iMacs but if you have to have them, managing them with both AD and a mini server is a pleasure.