Problems with Joining Mac computers to AD infrastructure



Sometimes not many, sometimes countless. Really need some more information on what you're trying to achieve here because various scenarios can result in different issues.

 

Are you hoping to just use it for authentication? Are you expecting it to behave like any other computer object in AD?

 

Give us something to work with :).

  On 03/12/2018 at 16:19, GrayW said:

Sometimes not many, sometimes countless.


I concur, it's really an afterthought for Apple, they've all but completely given up on enterprise integration.

 

Enforcing password policy would work though, that functions as expected on macOS, but you won't get any GPO benefits because it doesn't handle those, period.

 

If you want to properly manage Macs in your environment you'd be looking at some type of third-party service, like JAMF, and to some degree KACE can do some. There is also free software such as Munki that can do software/patch deployment; you could use it to push scripts to manage settings as well.

 

Hopefully that helps you in your quest.


As @JaredFrost said, if you've got the resources then go for something like JAMF. It resolves a vast number of the issues that can appear when integrating Apple devices.

 

If you haven't and you're really looking for GPO-like behaviour, then you're going to need to use Profile Manager (which quite honestly doesn't work half the damn time). To use that, you're going to need macOS Server running on a device that is the same version as the devices you are managing. Sometimes you can get away with being a version either side, but that just causes more issues. Unfortunately, they make macOS Server more and more useless with each update. This is where you enter the world of the "Golden Triangle".

 

I'll be honest, it's become so problematic and unstable these days that I'm currently planning the move away from macOS Server to Munki for the software and patching + Ansible/Chef for configuration management/quick setups and just having them bound to AD for the authentication.

 

It's a deep dark rabbit hole if you don't have the time and money to throw at it.

  • 2 weeks later...

If your only goal is to centrally set and control password policies for your Mac infrastructure, I think you would be better served by an MDM solution. As others have mentioned, good MDM products include JAMF, VMware AirWatch and Microsoft Intune. As it sounds like you already have the Microsoft stack deployed, perhaps Intune would be a good fit.

 

One of the major drawbacks with Macs in an Active Directory domain is the keychain. I've found that quite often users are prompted to change their password when using separate Microsoft apps such as OWA (Outlook Web Access) or RDS. When the password is reset outside of macOS the keychain password is not updated. This seems to cause almost endless password prompts and authentication issues.

 

I'd roll out a good MDM and leave the Macs with local logins.

This topic is now closed to further replies.