Problems with Joining Mac computers to AD infrastructure


Recommended Posts

iampedro

Dear All,

 

What are the issues with joining mac's on active directory network?

Link to post
Share on other sites
GrayW

Sometimes not many, sometimes countless. Really need some more information on what you're trying to achieve here because various scenarios can result in different issues.

 

Are you hoping to just use it for authentication? Are you expecting it to behave like any other computer object in AD?

 

Give us something to work with :).

Link to post
Share on other sites
iampedro

I want to enforce my mac users to change there passwords ever year, plus the other GPO benefits...

Link to post
Share on other sites
JaredFrost
25 minutes ago, GrayW said:

Sometimes not many, sometimes countless.

I concur, it's really an afterthought for Apple, they've all but completely given up on enterprise integration.

 

Enforcing password policy would work though, that functions as expected on macOS, but you wont get any GPO benefits because it doesn't handle those, period.

 

If you want to properly manage Macs in your environment you'd be looking at some type of third party service, like JAMF and to some degree KACE can do some, there is also free software such as Munki that can do software/patch deployment, you could use it to push scripts to manage settings as well.

 

Hopefully that helps you in your quest.

  • Like 3
Link to post
Share on other sites
GrayW

As @JaredFrost said, if you've got the resources then go for something like JAMF. It resolves a vast number of the issues that can appear when integrating Apple devices.

 

If you haven't and you're really looking for GPO like behaviour, then you're going to need to use Profile Manager (which quite honestly doesn't work half the damn time). To use that, you're going to need macOS Server running on a device that is the same version as the devices you are managing. Sometimes you can get away with being a version either side, but that just causes more issues. Unfortunately, they make macOS Server more and more useless with each update. This is where you enter the world of the "Golden Triangle".

 

I'll be honest, it's become so problematic and unstable these days that I'm currently planning the move away from macOS Server to Munki for the software and patching + Ansible/Chef for configuration management/quick setups and just having them bound to AD for the authentication.

 

It's a deep dark rabbit hole if you don't have the time and money to throw at it.

Link to post
Share on other sites
sc302

GPO does not apply to MAC unfortunately. 

 

You can utilize and MDM solution to manage macs or you can utilize an OSX server.

Link to post
Share on other sites
  • 2 weeks later...
CoadyTech

If your only goal is to centrally set and control password policies for your Mac infrastructure I think you would be better served by an MDM solution. As others have mentioned good MDM products include JAMF, VMware AirWatch and Microsoft InTune. As it sounds like you already have the Microsoft stack deployed perhaps InTune would be a good fit.

 

One of the major drawbacks with Mac's in an active directory domain is the keychain. I've found that quite often users are prompted to change their password when using separate Microsoft apps such as OWA (Outlook Web Access) or RDS. When the password is reset outside of MacOS the keychain password is not updated. This seems to cause almost endless password prompts and authentication issues.

 

I'd roll out a good MDM and leave the Mac's with local logins.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Abhay V
      Teams now supports native OS notifications for preview users on Mac and Windows
      by Abhay Venkatesh



      Microsoft Teams preview users can now choose to switch between Teams’ own notification toasts and the native OS notifications on Windows and macOS. The feature to switch between the two forms of notifications has begun rolling out for users running the developer preview version of the app and was spotted by Twitter user Matt Wade.

      Teams utilizes its own notifications designs, which are different from the OS-level notifications that are present on Windows and macOS. The difference means that they are not visible with other native prompts, do not adhere to all native settings, and are also managed directly through the app. While the support for native notifications is a small feature, it will be a welcome addition for those that prefer the native Windows toasts which can be managed along with other prompts.

      The setting can be accessed under the Notifications section where users can choose between built-in or native options under the ‘Appearance and sound’ section. While the tweet first suggested that it is live only for macOS, Wade added in a follow up tweet that the feature was also available on Windows as well.

      The feature is listed as currently under development in the Microsoft 365 roadmap, with a release set for September 2020. Considering that the feature is now being rolled out to preview users, it shouldn’t be long before it makes its way to the public next month.

    • By Rich Woods
      Apple beats expectations, reports $59.7B revenue in the third quarter and a 4-1 stock split
      by Rich Woods



      Today, Apple announced earnings for its third fiscal quarter of 2020, which ended at the end of June. The company beat expectations with $59.7 billion in revenue, an 11% increase over the same quarter last year.

      "Apple's record June quarter was driven by double-digit growth in both Products and Services and growth in each of our geographic segments," said Tim Cook, Apple’s CEO. "In uncertain times, this performance is a testament to the important role our products play in our customers’ lives and to Apple’s relentless innovation. This is a challenging moment for our communities, and, from Apple’s new $100 million Racial Equity and Justice Initiative to a new commitment to be carbon neutral by 2030, we’re living the principle that what we make and do should create opportunity and leave the world better than we found it."

      Obviously, the biggest chunk of the revenue pie goes to iPhone sales, which brought in $26.418B in sales. Behind that is actually services with $13.156B in revenue. That's followed by the rest of Apple's hardware categories, including $7.079B in Mac revenue, $6.582B in iPad revenue, and $6.45B in wearables, home, and accessories revenue.

      Apple also broke down its revenue by region. $27.018B came from North America, $14.173B came from Europe, $9.329B came from Greater China, $4.966B came from Japan, and $4.199B came from the rest of Asia Pacific.

      Apple is offering a $0,82 per share dividend on August 13 to anyone that owns the stock on August 10. On August 24, Apple's stock will split four to one, meaning that for every share that you own, you'll have three more.

    • By Abhay V
      Spotify's desktop apps updated with ability to stream to Chromecast devices
      by Abhay Venkatesh



      Spotify is updating its desktop apps on macOS and Windows, bringing the ability to stream to Chromecast devices. The Android and iOS apps were the only clients that could initiate a Chromecast stream via the Spotify Connect functionality. The updated app should be rolling out to all desktop versions now.

      The addition of the feature is a nifty one for Chromecast users that prefer the music streaming service on MacBook laptops or other Windows PCs since those could previously not cast their content to a TV. The stream initiation can be done right from the Spotify Connect UI at the bottom of the app, just like one would for switching between other devices. The connected Chromecast devices show up in the list of available devices.

      Image credit: 9to5Google The feature has been requested for a long time, as viewed on this Spotify Community thread which dates back to 2016. Recent responses by Rock Star MattSuda on multiple threads (via 9to5Google) confirmed the availability of the functionality. The app must be updated to version 1.1.38 or newer.

      Spotify is also bringing video podcasts to the app on all platforms. The addition of the ability to stream to a TV via Chromecast right from the desktop further makes the service a viable alternative to competing offerings.

    • By Abhay V
      Apple confirms that ARM Macs will support Intel's Thunderbolt standard
      by Abhay Venkatesh

      Apple announced its plans to use its in-house ARM processors for future Mac PCs, during this year’s WWDC. This means that the company will stop using Intel’s offerings in its devices. The move brought some confusion on whether Macs will still support the Thunderbolt standard or not since that is owned by Intel.

      The Cupertino giant, in a statement to The Verge, has clarified that it is “committed to the future of Thunderbolt” and that it will support the standard on Macs with Apple Silicon. The iPhone company originally built the standard with Intel, and began integrating it into its MacBook laptops as early as 2011. Recently, almost all of the firm’s laptop offerings come with Thunderbolt 3 ports.

      Apple's complete statement reads:

      None of Apple’s non-Intel offerings support the super-fast universal standard yet. The company added USB-C support with the 2018 iPad Pro models, finally ditching the Lightning port. However, those professional-grade devices too do not support the high-speed standard.

      It is possible that with the move to Apple Silicon, the company might begin integrating the recently announced Thunderbolt 4 standard into its offerings. Intel also announced the Thunderbolt 4 series 8000 controllers for PC makers, adding that it expects to see PCs supporting the new protocol launch later this year. While this includes PCs that come with the next-generation Tiger Lake processors, the timeline also aligns with the promised ARM-powered Mac PCs that are slated to be announced before the end of the year.





    • By Hamza Jawad
      New capabilities for the Power BI Snowflake connector are now generally available
      by Hamza Jawad



      In February, Microsoft released a native Snowflake connector for Power BI, enabling single sign-on (SSO) for users connecting to Snowflake from Power BI Desktop or the Power BI service. More recently, some enhanced capabilities were added to the Snowflake connector. Today, it has been announced that these capabilities are now generally available.

      With the primary purpose of streamlining access to Snowflake data warehouses, the following enhancements are being provided:

      For those whom the SSO option is marked as unavailable, Power BI service admins will need to access Tenant settings in the Power BI Admin portal, and then enable the setting termed "Snowflake SSO". For more information on the Snowflake connector for Power BI, its documentation pages for Power BI Desktop and the Power BI Service can be visited to learn more.