Problems with Joining Mac computers to AD infrastructure

Recommended Posts


Dear All,


What are the issues with joining mac's on active directory network?

Link to post
Share on other sites

Sometimes not many, sometimes countless. Really need some more information on what you're trying to achieve here because various scenarios can result in different issues.


Are you hoping to just use it for authentication? Are you expecting it to behave like any other computer object in AD?


Give us something to work with :).

Link to post
Share on other sites

I want to enforce my mac users to change there passwords ever year, plus the other GPO benefits...

Link to post
Share on other sites
25 minutes ago, GrayW said:

Sometimes not many, sometimes countless.

I concur, it's really an afterthought for Apple, they've all but completely given up on enterprise integration.


Enforcing password policy would work though, that functions as expected on macOS, but you wont get any GPO benefits because it doesn't handle those, period.


If you want to properly manage Macs in your environment you'd be looking at some type of third party service, like JAMF and to some degree KACE can do some, there is also free software such as Munki that can do software/patch deployment, you could use it to push scripts to manage settings as well.


Hopefully that helps you in your quest.

  • Like 3
Link to post
Share on other sites

As @JaredFrost said, if you've got the resources then go for something like JAMF. It resolves a vast number of the issues that can appear when integrating Apple devices.


If you haven't and you're really looking for GPO like behaviour, then you're going to need to use Profile Manager (which quite honestly doesn't work half the damn time). To use that, you're going to need macOS Server running on a device that is the same version as the devices you are managing. Sometimes you can get away with being a version either side, but that just causes more issues. Unfortunately, they make macOS Server more and more useless with each update. This is where you enter the world of the "Golden Triangle".


I'll be honest, it's become so problematic and unstable these days that I'm currently planning the move away from macOS Server to Munki for the software and patching + Ansible/Chef for configuration management/quick setups and just having them bound to AD for the authentication.


It's a deep dark rabbit hole if you don't have the time and money to throw at it.

Link to post
Share on other sites

GPO does not apply to MAC unfortunately. 


You can utilize and MDM solution to manage macs or you can utilize an OSX server.

Link to post
Share on other sites
  • 2 weeks later...

If your only goal is to centrally set and control password policies for your Mac infrastructure I think you would be better served by an MDM solution. As others have mentioned good MDM products include JAMF, VMware AirWatch and Microsoft InTune. As it sounds like you already have the Microsoft stack deployed perhaps InTune would be a good fit.


One of the major drawbacks with Mac's in an active directory domain is the keychain. I've found that quite often users are prompted to change their password when using separate Microsoft apps such as OWA (Outlook Web Access) or RDS. When the password is reset outside of MacOS the keychain password is not updated. This seems to cause almost endless password prompts and authentication issues.


I'd roll out a good MDM and leave the Mac's with local logins.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By News Staff
      Get the Complete RapidWeaver 8 Bundle at 90% off for only $49.99
      by Steven Parker

      Today's highlighted deal comes via our Apps + Software section of the Neowin Deals store, where for only a limited time you can save 90% off the Complete RapidWeaver 8 Bundle. Get up to speed with this powerful site builder and master It with four expert-led courses.

      This bundle consists of the following items:

      RapidWeaver 8
      Build the Site You've Always Wanted with an Intuitive UI, Hundreds of Add-ons & Absolutely Zero Code Responsive Sites With Foundation Video Course
      Ditch the Theme-Based Designs & Start Creating Responsive Sites with Foundation RapidWeaver SEO Video Course
      Up Your RapidWeaver Site's Searchability with a Look at the SEO Essentials RapidWeaver Online Blogging Video Course
      Master TotalCMS & Create a Professional Blog for Publishing Content Good to know
      Lifetime subscription Max number of devices: 5 Updates included Redemption deadline: redeem your code within 30 days of purchase For terms, specs and license info, click here.

      Here's the deal:
      This Complete RapidWeaver 8 Bundle normally costs $500 but it can be yours for only $49.99 for a limited time, that's a saving of $450.01 (90%) off!

      >> Get this deal, or learn more about it <<
      See all Apps + Software on offer. This is a time limited deal.
      Get $1 credit for every $25 spent · Give $10, Get $10 · 10% off for first-time buyers.

      Not for you?
      If this offer doesn't interest you, why not check out the following offers:

      The Win Your Dream 2020 Tesla Model 3 Giveaway
      The Nintendo Gaming Bundle Giveaway 20% off Ivacy VPN subscription with coupon code IVACY20 NordVPN subscription at up to 68% off for a 2 year plan Private Internet Access VPN subscription at up to 71% off Unlocator VPN or SmartDNS unblock Geoblock with 7-day free trial Disable Sponsored posts · Other recent deals · Preferred partner software

      Disclosure: This is a StackCommerce deal or giveaway in partnership with Neowin; an account at StackCommerce is required to participate in any deals or giveaways. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through our branded deals site, and it all goes toward the running costs.

    • By Abhay V
      Microsoft plans to unify Outlook across platforms using web technologies
      by Abhay Venkatesh

      Microsoft is working to unify Outlook on all platforms by moving the email clients for all platforms to a shared architecture. In one of the on-demand Ignite sessions titled ‘The Evolution of Outlook’, JJ Cadiz, partner group program manager at the firm, listed the benefits that the company aims to bring to the email client by moving to a web-based platform, and also showed off some of the capabilities that are powered by what the company calls Outlook on the web Powered Experiences (OPX).

      The Redmond giant is working to move the Windows, macOS, and mobile clients to a common architecture at the UI layer, such as by using React – something that the versions across clients like iOS, Android, and macOS use. To provide reliable sync across these devices, the company aims to use Microsoft Sync Technology (MST) as a common sync stack, which the firm also brought to the redesigned Mac app.

      The company says that the common architecture enables it to deliver features faster to more platforms while also maintaining consistency of those features – all while reducing engineering costs. It plans to build features on the web first and then port them over to other platforms on both the desktop and mobile faster. Some examples include the new Room Finder feature in the calendar for Outlook on the web that is making its way to other platforms.

      In addition to performance improvements and development efficiencies brought by a shared architecture, the session also details the efforts being made to further integrate other Microsoft 365 offerings with Outlook. The company showed off an improved spell-checking experience, immersive reader in Outlook on the desktop, and translator capabilities – in line with improvements being made to Word.

      The session also shows off other capabilities coming to the app that are enabled by OPX, such as Teams chat integration into the web client – and eventually the desktop apps – to directly view Teams messages and files through Outlook. Using OPX, Microsoft will also be bringing complete app modules from the web, such as the To Do experience, in Outlook for Windows, helping the app better integrate with the company’s tasks solution.

      While the company did not specify a timeframe for when it plans to bring these OPX-powered changes to the desktop clients, it notes that Office Insiders will be able to first try these features out.

      Source: Microsoft TechCommunity via Thurrott

    • By Abhay V
      Teams now supports native OS notifications for preview users on Mac and Windows
      by Abhay Venkatesh

      Microsoft Teams preview users can now choose to switch between Teams’ own notification toasts and the native OS notifications on Windows and macOS. The feature to switch between the two forms of notifications has begun rolling out for users running the developer preview version of the app and was spotted by Twitter user Matt Wade.

      Teams utilizes its own notifications designs, which are different from the OS-level notifications that are present on Windows and macOS. The difference means that they are not visible with other native prompts, do not adhere to all native settings, and are also managed directly through the app. While the support for native notifications is a small feature, it will be a welcome addition for those that prefer the native Windows toasts which can be managed along with other prompts.

      The setting can be accessed under the Notifications section where users can choose between built-in or native options under the ‘Appearance and sound’ section. While the tweet first suggested that it is live only for macOS, Wade added in a follow up tweet that the feature was also available on Windows as well.

      The feature is listed as currently under development in the Microsoft 365 roadmap, with a release set for September 2020. Considering that the feature is now being rolled out to preview users, it shouldn’t be long before it makes its way to the public next month.

    • By Rich Woods
      Apple beats expectations, reports $59.7B revenue in the third quarter and a 4-1 stock split
      by Rich Woods

      Today, Apple announced earnings for its third fiscal quarter of 2020, which ended at the end of June. The company beat expectations with $59.7 billion in revenue, an 11% increase over the same quarter last year.

      "Apple's record June quarter was driven by double-digit growth in both Products and Services and growth in each of our geographic segments," said Tim Cook, Apple’s CEO. "In uncertain times, this performance is a testament to the important role our products play in our customers’ lives and to Apple’s relentless innovation. This is a challenging moment for our communities, and, from Apple’s new $100 million Racial Equity and Justice Initiative to a new commitment to be carbon neutral by 2030, we’re living the principle that what we make and do should create opportunity and leave the world better than we found it."

      Obviously, the biggest chunk of the revenue pie goes to iPhone sales, which brought in $26.418B in sales. Behind that is actually services with $13.156B in revenue. That's followed by the rest of Apple's hardware categories, including $7.079B in Mac revenue, $6.582B in iPad revenue, and $6.45B in wearables, home, and accessories revenue.

      Apple also broke down its revenue by region. $27.018B came from North America, $14.173B came from Europe, $9.329B came from Greater China, $4.966B came from Japan, and $4.199B came from the rest of Asia Pacific.

      Apple is offering a $0,82 per share dividend on August 13 to anyone that owns the stock on August 10. On August 24, Apple's stock will split four to one, meaning that for every share that you own, you'll have three more.

    • By Abhay V
      Spotify's desktop apps updated with ability to stream to Chromecast devices
      by Abhay Venkatesh

      Spotify is updating its desktop apps on macOS and Windows, bringing the ability to stream to Chromecast devices. The Android and iOS apps were the only clients that could initiate a Chromecast stream via the Spotify Connect functionality. The updated app should be rolling out to all desktop versions now.

      The addition of the feature is a nifty one for Chromecast users that prefer the music streaming service on MacBook laptops or other Windows PCs since those could previously not cast their content to a TV. The stream initiation can be done right from the Spotify Connect UI at the bottom of the app, just like one would for switching between other devices. The connected Chromecast devices show up in the list of available devices.

      Image credit: 9to5Google The feature has been requested for a long time, as viewed on this Spotify Community thread which dates back to 2016. Recent responses by Rock Star MattSuda on multiple threads (via 9to5Google) confirmed the availability of the functionality. The app must be updated to version 1.1.38 or newer.

      Spotify is also bringing video podcasts to the app on all platforms. The addition of the ability to stream to a TV via Chromecast right from the desktop further makes the service a viable alternative to competing offerings.