Mac thread: Integrate Macs with AD (Technical)
#1 bart21 (Peterborough)

    Integrate Macs with AD

    Hi

    I have some Macs; we use them locally at the moment, however I would like to put them on the domain so users can use Windows shares and Windows logon details.

    I know I need an OD Mac server to do this, but that's all I know. I would be grateful if someone could explain how to do this from the beginning.

    Thank you
    Sorry to sound a little dim
    Nick

#2 sted (Leeds)
    You actually DON'T need a Mac server to do it. You can alter the AD schema to support Macs, then edit the Mac policies on a Mac (same as if you had a 2003 server and used a Win7 box to edit Win7 policies). There are posts about it on here somewhere; if you can't find them I will try and dig out my documentation etc.

#3 LukeC (Lancs)
    We have our Macs joined to AD. This can be done through the "Directory Utility" found in Utilities; in here you can specify which people can administer them, and there is also a tick box which maps their home directory from the Windows side if set up correctly.

#4 bart21 (Peterborough)
    Cool, thanks chaps.

    Do you have any documentation on accomplishing this?

    Thanks
    Nick

#5 sted (Leeds)
    I will have to dig out the LDIF file (or better yet, as you will probably be using OS X 10.6, you will need to create one, and at the moment I can't remember how, but)

    Tested on Win 2003 R2 and OS X 10.5.8.

    Creating an LDIF file requires an OS X Server (or access to one, IIRC) and MS ADAM (I will try and find my file but I can't remember what I did with it, it's been a while).
    Edit: found it.

    Extract the OS X schema add.ldif to the server's C drive and rename it osx.ldif.

    Open up a command prompt, navigate to C:\ and enter the following (exactly as below, except changing DC=school,DC=local to the appropriate domain name; it goes through the file and changes all dc=x to dc=school.local when the command is run):

    Code:
    ldifde /j . /k /i /f osx.ldif /v /c "DC=X" "DC=school,DC=local"
    That adds the necessary info to the AD schema to support managing Apples.

    Next you need to add the Schema Management MMC (if it's not already there, run):

    Code:
    regsvr32 schmmgmt.dll
    Check for various attributes called apple-whatever.

    While in there, find the MAC address attribute, double-click it and select "Index this attribute". Close the MMC down.

    Open up GPMC and edit the Default Domain Policy: Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy, and set "Store passwords using reversible encryption" to Enabled.

    That's it on the PC side of things; everything else is Mac-based.

    Set up a Mac and install all the software on it you want (so Remote Desktop, SMART Board, OpenOffice, Scratch etc.).

    Now you need a few admin/cloning programs:
    Server Admin Tools from Apple (run Software Update after installing this to get the most up-to-date version).
    Carbon Copy Cloner (CCC for short; Carbon Copy Cloner - Home) allows you to clone one Mac to another (images are NOT hardware-dependent, so one image works on MacBooks, iMacs, Mac minis etc.).
    If you want to clone Boot Camp then you need Winclone (Download Winclone 2.2 Free - Easily backup and restore a bootable Windows partition on Mac OS X - Softpedia) and some other small file it will ask for when you run it and link to the download.

    (I will cover Winclone later when I've finished testing it.)

    CCC: after you are happy with your Mac and before you domain it, you want to clone it. Now you can dump an image to a network drive (usually 10-20 GB) but you can't restore from one; it needs to be a Mac-formatted drive (FAT32 might work). The software is fairly obvious: what you want to do is clone Macintosh HD to a read-only image file.

    Once the Mac is cloned it's time to network it. First make sure the clock is the same on both, as it's quite fussy. Then go to Accounts in System Preferences, Login Options, set it to type username and password, and untick auto-login. Now go to Sharing and give the Mac its name; this wants to be different to the Windows name (I usually call the Mac name mac001 and the PC name mac01).

    Now load Finder and go to Utilities > Directory Utility, click the "Show Advanced Settings" button and go to Services (if the padlock is closed, click it and enter the password). Double-click Active Directory, click the Administrative tab and tick "Allow administration by". There should be a box that says Enterprise Admins/Domain Admins; add any other admin users you need, so teachers etc. In "Active Directory Domain" fill in the domain name and click Bind. Fill in the username/password for the domain. Click OK, then lock the padlock. If you go back to the Directory Servers tab your domain should now be listed and have a green light.

    You can now log on as whoever you choose, but unless the users have $ shares their user areas won't work, and at the moment no settings are applied. I will do that in another post.

    Now to managing them.

    You should have installed Workgroup Manager by now and be part of the domain; if not, do that.

    Log on as a domain admin, load Finder and go to Applications, then Server. Drag Workgroup Manager to the Dock, then load it. When it pops up about authentication, ignore that, go to the top bar and choose Server > View Directories. It will complain that "you are working with a local configuration database ..."; tick the "do not show again" box and OK. In the top right-hand corner is a padlock; click this and fill in domain credentials. At the top of the window it should now say "Authenticated as username to directory: /Active Directory/All Domains".

    Now in the left window select the user group icon (looks like 3 people), then select staff or pupils (it helps a lot if you create a pupil group that contains 2003/4/5... unless you need to manage them individually), then at the very top click Preferences. The right-hand pane will now show the options you can change. So for instance go into System Preferences, select Manage: Always and lock them out of System Preferences by clicking "Show None" (which doesn't actually show no options, but greys them out when they log in); click Done, then Save. Now just go through the other options, restricting the Dock etc. and making sure to set the proxy settings for EVERY protocol, as there is no blanket setting.

    Obviously, as this requires editing a schema, do it on a test system, and if it goes pear-shaped (I haven't had any issues on 2003/2008, though I've not tried R2, and 2008 requires a slightly different command but I can't remember the difference offhand; I think the dc= in the command line needs to be dropped and you need the real domain name in the LDIF file) don't blame me.

Thanks to sted from: bart21 (7th January 2011)
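The Windows-side schema step in sted's post, as an added example that is not part of the thread: a Python script that does to the placeholder DNs what `ldifde /c "DC=X" "DC=school,DC=local"` does, lists the apple-* attributes you would then look for in the Schema Management MMC, and sets the index bit (searchFlags 0x1) on the macAddress attribute the way the "Index this attribute" box does, so you can inspect the file before importing it on a test domain controller. The LDIF fragment is constructed for the example; the attribute names, OIDs, the macAddress name and the school.local domain are assumptions, not Apple's real osx.ldif.

```python
"""Added example: mirror what `ldifde /c "DC=X" "DC=school,DC=local"` does to
an Apple AD schema LDIF, then check the result before importing it.
The LDIF below is a constructed stand-in, not Apple's real osx.ldif;
attribute names, OIDs and the domain are assumptions."""
import base64
import re

# Constructed fragment (three entries) in the shape of Apple's schema LDIF.
# "DC=X" is the placeholder ldifde /c rewrites; the description is base64 and
# folded across two lines to exercise the parser.
SAMPLE_LDIF = """\
dn: CN=apple-computer,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: classSchema
lDAPDisplayName: apple-computer

dn: CN=macAddress,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: attributeSchema
lDAPDisplayName: macAddress
attributeSyntax: 2.5.5.12
oMSyntax: 64
searchFlags: 0
description:: QXBwbGUgZXRoZXJuZXQgYWRk
 cmVzcw==

dn: CN=apple-user-homeurl,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: attributeSchema
lDAPDisplayName: apple-user-homeurl
attributeSyntax: 2.5.5.12
oMSyntax: 64
"""

FATTINDEX = 0x1  # searchFlags bit set by "Index this attribute" in the schema MMC


def rewrite_dc(text, from_dn, to_dn):
    """ldifde /c: replace every occurrence of the placeholder DN suffix.
    DNs are case-insensitive, so the match is too; the lookahead stops
    DC=X from matching inside a longer component such as DC=XYZ."""
    pattern = re.compile(re.escape(from_dn) + r"(?![A-Za-z0-9-])", re.IGNORECASE)
    return pattern.sub(to_dn, text)


def parse_ldif(text):
    """Parse LDIF into a list of {attribute: [values]} dicts.
    Handles folded lines (leading space) and base64 values ("attr:: ...")."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, current = [], {}
    for line in unfolded + [""]:          # trailing "" flushes the last entry
        if not line:
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(attr, []).append(value)
    return entries


def apple_names(entries):
    """What to look for in the Schema Management MMC after the import."""
    return sorted(v for e in entries for v in e.get("lDAPDisplayName", [])
                  if v.lower().startswith("apple-"))


def index_attribute(entries, ldap_name):
    """Set the index bit on one attribute, as the MMC check box does."""
    for e in entries:
        if e.get("lDAPDisplayName", [""])[0].lower() == ldap_name.lower():
            flags = int(e.get("searchFlags", ["0"])[0])
            e["searchFlags"] = [str(flags | FATTINDEX)]
            return e
    raise KeyError(f"attribute {ldap_name} not in schema file")


def to_ldif(entries, width=76):
    """Serialise back to LDIF, base64-encoding unsafe values and folding at 76."""
    out = []
    for e in entries:
        for attr, values in e.items():
            for v in values:
                safe = v.isascii() and v == v.strip() and not v.startswith(":")
                line = (f"{attr}: {v}" if safe
                        else f"{attr}:: {base64.b64encode(v.encode()).decode()}")
                out.append(line[:width])
                rest = line[width:]
                while rest:
                    out.append(" " + rest[:width - 1])
                    rest = rest[width - 1:]
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    entries = parse_ldif(rewrite_dc(SAMPLE_LDIF, "DC=X", "DC=school,DC=local"))
    index_attribute(entries, "macAddress")
    print("apple-* attributes:", ", ".join(apple_names(entries)))
    print(to_ldif(entries))
```

Writing `to_ldif()` output to osx.ldif and then running the post's `ldifde` line with `/c` pointed at a placeholder that no longer exists is harmless, which is the point: you can see exactly which DNs and searchFlags the import will write before touching a live schema.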

#6 LukeC (Lancs)
    There is this link too: How-To-Mac Simple joining a Mac to Active Directory 10.6. It's not as detailed as above but shows you some graphics; if you click the advanced options once you begin to join it to AD you will then find administrative rights and home directory options.

    With regards to the time on a Mac, we have had issues with them: they tend to speed up and cause problems with users not being able to log on, as they are not at the same time as the Windows network. We found that you can type the IP address of your time server into the time zone box on the Mac.

Thanks to LukeC from: bart21 (9th January 2011)
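The clock problem LukeC describes, as an added example that is not from the thread: an AD-bound Mac authenticates with Kerberos, and the KDC rejects requests from a client whose clock is more than the default 5-minute skew tolerance out, which is what those logon failures look like. This Python SNTP check computes the offset against the time source you pass in (the server name is an assumption) with the RFC 4330 formula and reports whether it sits inside that window; it also refuses a reply whose origin timestamp does not echo the request it sent. The reply packets used in the self-test are constructed, not captured traffic.

```python
"""Added example: SNTP offset check for an AD-bound Mac. Kerberos rejects a
client whose clock is more than the default 5-minute skew from the KDC.
Not from the thread; make_reply() builds constructed packets for offline
testing, not real traffic."""
import socket
import struct
import sys
import time

NTP_DELTA = 2_208_988_800   # seconds from the NTP epoch (1900) to the Unix epoch (1970)
MAX_SKEW = 300.0            # Kerberos default clock-skew tolerance, in seconds


def _pack_ts(pkt, offset, unix_time):
    """Write a 64-bit NTP timestamp (32.32 fixed point) at byte offset."""
    secs = int(unix_time) + NTP_DELTA
    frac = int((unix_time - int(unix_time)) * (1 << 32))
    struct.pack_into("!II", pkt, offset, secs, frac)


def _unpack_ts(pkt, offset):
    """Read a 64-bit NTP timestamp and return Unix seconds as a float."""
    secs, frac = struct.unpack_from("!II", pkt, offset)
    return secs - NTP_DELTA + frac / (1 << 32)


def build_request(t1):
    """48-byte SNTP client packet: LI=0, VN=4, mode=3, transmit timestamp = t1."""
    pkt = bytearray(48)
    pkt[0] = 0x23
    _pack_ts(pkt, 40, t1)
    return bytes(pkt)


def compute_offset(reply, t1, t4):
    """RFC 4330 clock offset ((t2 - t1) + (t3 - t4)) / 2.
    t1/t4 are the client's send/receive times; t2/t3 come from the reply.
    Rejects non-server replies, kiss-o'-death (stratum 0) and replies whose
    origin timestamp does not echo our t1 (stale or spoofed)."""
    if len(reply) < 48:
        raise ValueError("short SNTP reply")
    mode, stratum = reply[0] & 0x07, reply[1]
    if mode != 4 or stratum == 0:
        raise ValueError(f"unusable reply: mode={mode} stratum={stratum}")
    if abs(_unpack_ts(reply, 24) - t1) > 1e-3:
        raise ValueError("origin timestamp does not match our request")
    t2 = _unpack_ts(reply, 32)          # server receive timestamp
    t3 = _unpack_ts(reply, 40)          # server transmit timestamp
    return ((t2 - t1) + (t3 - t4)) / 2


def skew_ok(offset, max_skew=MAX_SKEW):
    """True when the offset is inside the Kerberos tolerance."""
    return abs(offset) <= max_skew


def make_reply(origin, t2, t3, stratum=2):
    """Constructed mode-4 server reply for offline testing (not real traffic)."""
    pkt = bytearray(48)
    pkt[0] = 0x24
    pkt[1] = stratum
    _pack_ts(pkt, 24, origin)
    _pack_ts(pkt, 32, t2)
    _pack_ts(pkt, 40, t3)
    return bytes(pkt)


def query(server, port=123, timeout=3.0):
    """Ask the domain's time source once and return the clock offset in seconds."""
    t1 = time.time()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(t1), (server, port))
        reply, _ = s.recvfrom(48)
    return compute_offset(reply, t1, time.time())


if __name__ == "__main__":
    # "dc01.school.local" is a hypothetical DC name; pass your own as argv[1].
    offset = query(sys.argv[1] if len(sys.argv) > 1 else "dc01.school.local")
    verdict = "OK" if skew_ok(offset) else "outside Kerberos window"
    print(f"offset {offset:+.3f}s -> {verdict}")
```

Point it at the domain controller (which is the time source AD clients are meant to use) rather than a public pool, so the number you get is the skew Kerberos will actually see. SNTP itself is unauthenticated, which is why the origin-timestamp check is there: it stops a late or injected packet from being taken as the answer to this request.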

#7 3s-gtech (Wales)
    We integrated Macs with AD, firstly using the Directory Utility which gave us user areas etc, then we added a Mac Mini Server later on. This gave us full flexibility on locking them down, and adding OD. The MMS isn't expensive from an Apple dealer to be fair, though they don't come with any RAID setup which is daft. Converting to RAID 1 is easy though.

Thanks to 3s-gtech from: bart21 (9th January 2011)

#8 bart21 (Peterborough)
    Quote Originally Posted by 3s-gtech:
    We integrated Macs with AD, firstly using the Directory Utility which gave us user areas etc, then we added a Mac Mini Server later on. This gave us full flexibility on locking them down, and adding OD. The MMS isn't expensive from an Apple dealer to be fair, though they don't come with any RAID setup which is daft. Converting to RAID 1 is easy though.
    Do you have any instructions on setting up the OS X server to lock them down?

#9 3s-gtech (Wales)
    I used the documentation in the Sticky Mac thread on here, as well as a bit of Googling. Basically, I added my AD users to an OD group called OD Managed in the Workgroup Manager. I then added the Macs to a managed group of computers in the manager. That way, I could alter per-user and per-machine settings.
