Problems with Joining Mac computers to AD infrastructure


Sometimes not many, sometimes countless. Really need some more information on what you're trying to achieve here because various scenarios can result in different issues.

Are you hoping to just use it for authentication? Are you expecting it to behave like any other computer object in AD?

Give us something to work with :).

  On 03/12/2018 at 16:19, GrayW said:

Sometimes not many, sometimes countless.


I concur; it's really an afterthought for Apple. They've all but completely given up on enterprise integration.

Enforcing password policy would work, though; that functions as expected on macOS. But you won't get any GPO benefits, because it doesn't handle those, period.

If you want to properly manage Macs in your environment, you'd be looking at some type of third-party service like JAMF. To some degree KACE can do some of it, and there is also free software such as Munki that can do software/patch deployment; you could use it to push scripts to manage settings as well.

 

Hopefully that helps you in your quest.


As @JaredFrost said, if you've got the resources then go for something like JAMF. It resolves a vast number of the issues that can appear when integrating Apple devices.

If you haven't, and you're really looking for GPO-like behaviour, then you're going to need to use Profile Manager (which quite honestly doesn't work half the damn time). To use that, you're going to need macOS Server running on a device that is the same version as the devices you are managing. Sometimes you can get away with being a version either side, but that just causes more issues. Unfortunately, they make macOS Server more and more useless with each update. This is where you enter the world of the "Golden Triangle".

I'll be honest, it's become so problematic and unstable these days that I'm currently planning the move away from macOS Server to Munki for the software and patching, plus Ansible/Chef for configuration management/quick setups, and just having them bound to AD for the authentication.

 

It's a deep dark rabbit hole if you don't have the time and money to throw at it.


If your only goal is to centrally set and control password policies for your Mac infrastructure, I think you would be better served by an MDM solution. As others have mentioned, good MDM products include JAMF, VMware AirWatch and Microsoft Intune. As it sounds like you already have the Microsoft stack deployed, perhaps Intune would be a good fit.

One of the major drawbacks with Macs in an Active Directory domain is the keychain. I've found that quite often users are prompted to change their password when using separate Microsoft apps such as OWA (Outlook Web Access) or RDS. When the password is reset outside of macOS, the keychain password is not updated. This seems to cause almost endless password prompts and authentication issues.

 

I'd roll out a good MDM and leave the Macs with local logins.
