MacOS in a Windows domain - what's your setup?

d_brennen · 8 Mar 2019 at 15:55

We have approx 15 Macs of various ages in a Windows network and currently use Workgroup Manager for AD/OD login/share mapping/permissions but it's woefully outdated, out of support and Mac server it's running on is having RAID controller issues and will probably bite the dust soon. I'm a Windows guy and know very little about Apple and not sure the best route forward...

All I need is:

Login via AD credentials
Map user shares (all NTFS folders on Windows Server 2012) to mirror the user's Windows experience
Restrict local admin rights on the Macs

It'd be desirable to be able to push software and take snapshots of the machines but not essential.

What's everyone using these days?

visibleman · 8 Mar 2019 at 17:58

I'd get yourself on the MacAdmins slack channel; wealth of information over there with regards to management.

NoMad would handle the AD side of things which allows sync'ing to AD without binding - i've never had 100% success with direct binds to AD (tbh, never had 100% success connecting to Apple's own LDAP servers).
For management, ideally you'd opt for a MDM solution and there are free solutions like MicroMDM, SimpleMDM etc. But JAMF is the most known and perhaps best (in terms of features + support/community) albeit it's costly.
Deploying software/packages, look at Munki although some MDM's like JAMF support a similar feature.

I'd start by looking at NoMad for the AD sync'ing and then if you really need remote management (ie - you can't get to the machines) look at deploying a MDM.

Avathar77 · 8 Mar 2019 at 19:11

You can have Nomad with JAMF connected to OKTA

d_brennen · 9 Mar 2019 at 11:22

Great thanks. I've seen the names but each time I've looked into it, it seems Apple lost all interest in playing nice with Windows domains.

Nomad looks like a good starting point.

Caged · 9 Mar 2019 at 14:48

Jamf jamf jamf jamf jamf jamf jamf jamf

If you need assistance with it all then speak to dataJar, great bunch of people

visibleman · 9 Mar 2019 at 18:07

d_brennen said:
... it seems Apple lost all interest in playing nice with Windows domains.

They lost interest in the enterprise/business market years ago, hence the need for third-parties to really get anywhere.

Certainly NoMad will get you started with AD.
And thinking aloud, you could use Munki to not only deploy software but also configuration files (ie - systems settings etc) either through profiles or wrapped packages (or NoPKG) - it's a bodgy, if not very ropey, solution but i can't see why it wouldn't work.

Forgot to mention, JAMF requires (might be Pro only) a minimum number of devices (can't remember but it's around 30/40, that area any way) before they'll license it to you if going direct although you might be able to use a third-party seller to get around this if you really wanted it.
But, for 15 devices i'm not sure the cost is worth it even if it'll do everything for you.

As said, get yourself on MacAdmins as there's dedicated channels for NoMad, JAMF and other various solutions if you need help.

Yaayuh! · 21 Mar 2019 at 09:12

Our design department of 10 people are on the network, each user has domain accounts but their Macs are standalone. Gave up after we canned the Xserves years ago.

d_brennen · 23 Mar 2019 at 19:33

Rossi~ said:
Our design department of 10 people are on the network, each user has domain accounts but their Macs are standalone. Gave up after we canned the Xserves years ago.

Reviewed a few choices and the ones posted here, think we're going the same way tbh. The cost/benefit of anything else (including my time) just isn't worth it. Goodbye Apple!

glenimp617 · 1 Apr 2019 at 08:43

Ripping them out, all 40 of them. Replacing with windows.

visibleman · 2 Apr 2019 at 13:56

TheOracle said:
Ripping them out, all 40 of them. Replacing with windows.

Not always possible due to required applications and/or work flows. However, i imagine it was far easier, and no doubt cheaper, for you to do that than head to a third-party for management etc.

I still believe Apple need's to step (back) in and provide tools and support for handling their products in business/enterprise environments; at the moment it's a bit of a mess and a headache. Maybe, if it gets released, it'll come with the new Mac Pro but i'm not holding out for it.

glenimp617 · 2 Apr 2019 at 14:14

visibleman said:
Not always possible due to required applications and/or work flows. However, i imagine it was far easier, and no doubt cheaper, for you to do that than head to a third-party for management etc.

I still believe Apple need's to step (back) in and provide tools and support for handling their products in business/enterprise environments; at the moment it's a bit of a mess and a headache. Maybe, if it gets released, it'll come with the new Mac Pro but i'm not holding out for it.

No, well...in truth it wasn't possible for us as a large number ran audio production software not available on windows.....yet we still did it (in the process of).

They were ok with it in the end as we found some software which did the job, just meant they had to learn how to use it.