+ Post New Thread
Results 1 to 11 of 11
Mac Thread, Joining MAC's to a Windows 2008 Domain in Technical; Our Art room has 3 MAC workstations and a MACBOOK which the teacher would like joined to our Windows 2008 ...
  1. #1
    speckytecky's Avatar
    Join Date
    May 2006
    Location
    UK
    Posts
    2,564
    Thank Post
    3,469
    Thanked 286 Times in 215 Posts
    Blog Entries
    3
    Rep Power
    116

    Joining MAC's to a Windows 2008 Domain

    Our Art room has 3 MAC workstations and a MACBOOK which the teacher would like joined to our Windows 2008 Domain. Never been near MACs before so I was wondering if there are any guides someone could point me toward please.

  2. #2

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,926
    Thank Post
    155
    Thanked 605 Times in 544 Posts
    Rep Power
    160
    Top of this forum is a sticky, I used this and it was spot on. Some problems reported with 10.6 (Snow Leopard) though.

  3. Thanks to 3s-gtech from:

    speckytecky (17th December 2009)

  4. #3
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,217
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    75
    I'm no MAC expert but i've seen a few threads and know a school that use a Mac mini as an OSX server apparently this can then have a trust with active directory. As the Macs then use the OSX server it all works more smoothly.

  5. Thanks to cookie_monster from:

    speckytecky (17th December 2009)

  6. #4


    Join Date
    Jul 2007
    Location
    Rural heck
    Posts
    2,662
    Thank Post
    120
    Thanked 433 Times in 352 Posts
    Rep Power
    126
    It's doable, but you can't join them to the domain and lock them down without either using 3rd party software or having a Mac server (it can any sort of mac).

  7. Thanks to K.C.Leblanc from:

    speckytecky (17th December 2009)

  8. #5


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,814
    Thank Post
    231
    Thanked 888 Times in 763 Posts
    Rep Power
    301
    in a nutshell (more detailed versions are on here or i can post if needed) modify the ad schema s the apples have somewhere to store their settings. Set ad to index mac addresses. install workgroup manager on a mac (personally i set up a mac with all software including this and clone it using carbon copy cloner so they are all the same) use directory util on the mac and add it to the domain and make domain admins local admins. play round with workgroup manager till its locked as you want it

  9. Thanks to sted from:

    speckytecky (17th December 2009)

  10. #6

    Join Date
    Jan 2007
    Location
    The Console
    Posts
    236
    Thank Post
    22
    Thanked 29 Times in 23 Posts
    Rep Power
    22
    You can join your Macs to your Windows 2008 domain (which is what we do), by going in to Directory Utility --> Services --> Active Directory and 'binding' them in there, which is the same as what you do on Windows when you join. From here your Mac machines will log in to your Windows domain, and depending on your set up, mount a home folder and so forth.

    If you want to lock the Macs down Group Policy style, you need a Mac running OS X Server. This comes with Workgroup Manager, which is like GPO for Macs. Any crappy old Mac from the last 8 years could cope with this task providing it meets the requirements for whatever version of OS X Server you wish to install.

  11. 2 Thanks to iSteve:

    jeverington (6th January 2010), speckytecky (8th January 2010)

  12. #7


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,814
    Thank Post
    231
    Thanked 888 Times in 763 Posts
    Rep Power
    301
    Quote Originally Posted by iSteve View Post
    You can join your Macs to your Windows 2008 domain (which is what we do), by going in to Directory Utility --> Services --> Active Directory and 'binding' them in there, which is the same as what you do on Windows when you join. From here your Mac machines will log in to your Windows domain, and depending on your set up, mount a home folder and so forth.

    If you want to lock the Macs down Group Policy style, you need a Mac running OS X Server. This comes with Workgroup Manager, which is like GPO for Macs. Any crappy old Mac from the last 8 years could cope with this task providing it meets the requirements for whatever version of OS X Server you wish to install.
    you dont need a mac server workgroup manager works on osx workstation you just need to make the appropriate schema changes to ad

  13. #8
    Rozzer's Avatar
    Join Date
    Aug 2005
    Location
    South West
    Posts
    720
    Thank Post
    21
    Thanked 81 Times in 61 Posts
    Rep Power
    33
    I have a website with a few resources. HowToMac.co.uk | Bringing the future of Apple into education

    Hope it helps.

    Ross

  14. Thanks to Rozzer from:

    speckytecky (8th January 2010)

  15. #9
    Robbocop's Avatar
    Join Date
    Dec 2009
    Location
    Nottingham, UK
    Posts
    166
    Thank Post
    5
    Thanked 41 Times in 35 Posts
    Rep Power
    15
    Good info on this thread already, so just to agree that you can bind your Macs to AD easily, and depending on what groups are using them that might do the job - ie if you don't need client lock down. If you want to lock them down you would either need an XServe or a Mac running as a server (with a licence for OSX Server software), or you can buy licences (one per client Mac required) for Centrify Active Directory Integration for Mac OS X which allows you to set Mac permissions for Mac clients directly on the windows server without changing your schema. The other thing you might want to investigate in Extreme Z-IP PC to Mac Issues? | Try Extreme-ZIP | Group Logic which allows the Windows server to talk to the Macs in their native AFP file format. This is quicker, and gets rid of the double files normally generated by the Macs. Both can be downloaded as trials and both are really good.

  16. Thanks to Robbocop from:

    speckytecky (8th January 2010)

  17. #10


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,814
    Thank Post
    231
    Thanked 888 Times in 763 Posts
    Rep Power
    301
    Quote Originally Posted by Robbocop View Post
    Good info on this thread already, so just to agree that you can bind your Macs to AD easily, and depending on what groups are using them that might do the job - ie if you don't need client lock down. If you want to lock them down you would either need an XServe or a Mac running as a server (with a licence for OSX Server software), or you can buy licences (one per client Mac required) for Centrify Active Directory Integration for Mac OS X which allows you to set Mac permissions for Mac clients directly on the windows server without changing your schema. The other thing you might want to investigate in Extreme Z-IP PC to Mac Issues? | Try Extreme-ZIP | Group Logic which allows the Windows server to talk to the Macs in their native AFP file format. This is quicker, and gets rid of the double files normally generated by the Macs. Both can be downloaded as trials and both are really good.
    you DONT need a mac server you can lock them down from a normal mac quite happily if you modify the ad schema

  18. #11
    Robbocop's Avatar
    Join Date
    Dec 2009
    Location
    Nottingham, UK
    Posts
    166
    Thank Post
    5
    Thanked 41 Times in 35 Posts
    Rep Power
    15
    Sted: Agreed. However mostly we've found that people are reluctant to modify the schema. For a handful of Macs Centrify is really cheap. However, as it's a cost per client Mac, an XServe works out far cheaper on large numbers of Macs, and as XServes come with an unlimited SAL client count, you don't need to buy any more licences if you choose to add more Macs later. If you're happy to (or allowed to!) modify the schema, that's fine.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 4
    Last Post: 19th March 2012, 08:58 AM
  2. Replies: 1
    Last Post: 30th November 2009, 06:32 PM
  3. Replies: 12
    Last Post: 16th November 2009, 03:30 PM
  4. Adding Mac's to a Windows Server 2008 Network
    By Iain.Faulkner in forum Mac
    Replies: 4
    Last Post: 26th June 2009, 09:01 AM
  5. Windows 2008 Quotas (W2K3 Domain)
    By MYK-IT in forum Windows Server 2008
    Replies: 2
    Last Post: 13th May 2009, 11:09 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •