Active directory integration for Macs

Discussion in 'Mac OS X Server, Xserve, and Networking' started by vrtigo1, Apr 10, 2014.

  1. vrtigo1 macrumors newbie

    Joined:
    Apr 10, 2014
    #1
    Hello,

    I am the network admin for a medium size company. We currently have about 200 PCs, all of which are joined to our Windows 2008 AD domain. We have about 15 Macs and presently none of them are bound to AD.

    We have started getting more Macs and it is causing management headaches for us because at present everything for Mac users is different. What we would like to do is start binding these Macs to the domain so they follow the standard password processes and they can make use of the company directory for sharing files/folders with other users.

    What I have done thus far is I purchased a Mac Mini to use as a test system and I bound it to our domain. I checked the option to create a mobile account at login, so now I am able to login on the Mac using my AD credentials whether it is connected to our network or not (important for laptop users).

    I can connect to the Mac from my PC using SMB and I am not prompted for a password so I assume it is using my AD credentials, and I can also connect to PC servers from the Mac without getting prompted for credentials, so everything related to login and permissions seems to be working.

    The piece I seem to be missing is how to automatically connect shared network drives. On Windows, I can push a login script via AD and connect multiple network drives. For example, every Windows user gets an L: drive which is a public company-wide shared drive, an I: drive which has program installation files, a J: drive which is specific to the department that user is in, plus a few other mapped drives depending on the specific user/role.

    A lot of our Mac users are former PC users so they still want/need all of these drives. We can manually map them, but we are looking for an easier solution. I see that I can auto mount a home folder using AD, but I haven't really been able to find an easy way to map/mount multiple shared folders. We would prefer a solution that doesn't require us to touch every Mac because it isn't really sustainable at that point; we want to be able to add/remove/change network drives at any given time without having to do anything other than edit the login script (how it works for our PCs).

    Any suggestions?
     
  2. satcomer, Apr 10, 2014
    Last edited: Apr 13, 2014

    satcomer macrumors 603


    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #2
    Two things. One: in 10.9.x, try using cifs://ipaddress/share instead of smb://ipaddress/share. Plus, are you using Microsoft Server 2008 R2? Because that is when Apple first bought Microsoft Sync.
     
  3. vrtigo1 thread starter macrumors newbie

    Joined:
    Apr 10, 2014
    #3
    Hello,

    Yes we are running Windows 2008 R2 version of AD but I don't think I am familiar with Microsoft Sync, can you provide more info on it?

    Thanks,
    FW
     
  4. satcomer macrumors 603


    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #4
    It has to do with the time Apple bought Microsoft Domain sync from Microsoft. Microsoft added it to the server Active Directory starting in version 2008r2 and better.

    Are you using the same time server in both machines?
     
  5. vrtigo1 thread starter macrumors newbie

    Joined:
    Apr 10, 2014
    #6
    It looks like autofs is what I would want but I am having a hard time finding an easily digestible howto on implementing it. It also looks like autofs can get maps and automounts via LDAP, but the same problem there. I know AD is an LDAP directory but most of the LDAP docs for autofs are related to Linux and Solaris.

    It seems like an automated way to map network folders to Macs must surely be a common request so I'm surprised there isn't an easy solution.
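
Added example, not part of the original thread or any poster's configuration: a shell helper that turns a share table into a macOS autofs map for the kind of company-wide, install and department shares described in post #1, and refuses any entry that embeds credentials. The host and share names, the /etc/auto_smb file name and the /Shares mount point are constructed placeholders, and it assumes the AD-bound user's Kerberos ticket authenticates the SMB mount.

```shell
#!/bin/sh
# Added example: build a macOS autofs map for SMB shares with no embedded
# credentials. Host, share and file names below are constructed placeholders.
#
# Assumed deployment (not from the thread):
#   /etc/auto_master gets the line:   /Shares    auto_smb
#   output of build_auto_map goes to: /etc/auto_smb
#   then reload with:                 automount -vc

# Allow only letters, digits, '.', '_' and '-'. This rejects '@' and ':'
# (a user:password prefix), whitespace and shell metacharacters.
is_safe_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# stdin:  lines of "mountname host share" ('#' starts a comment line)
# stdout: autofs map lines; returns 1 if any line was rejected
build_auto_map() {
    rc=0
    while read -r name host share; do
        case "$name" in ''|'#'*) continue ;; esac
        if is_safe_name "$name" && is_safe_name "$host" && is_safe_name "$share"; then
            # nosuid,nodev: ignore setuid bits and device nodes on the share
            printf '%s\t-fstype=smbfs,nosuid,nodev\t://%s/%s\n' "$name" "$host" "$share"
        else
            echo "rejected: $name" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample table; the last entry embeds credentials and is rejected.
SAMPLE='Public fileserver.example.com Public
Install fileserver.example.com Install
Bad jdoe:secret@fileserver.example.com Public'
printf '%s\n' "$SAMPLE" | build_auto_map ||
    echo "fix rejected entries before installing the map" >&2
```

Map files sit in plain text on every client, which is why the helper fails closed on anything that looks like a user:password prefix instead of writing it out.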
     
  6. satcomer macrumors 603


    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #7
    On the individual Mac you can have drives/applications start at boot up or login in System Preferences->Accounts->Login Items.
     
  7. vrtigo1 thread starter macrumors newbie

    Joined:
    Apr 10, 2014
    #8
    Thanks. I saw that, and it's what I'm using for the time being but the issues with that approach are:

    1) It causes the folders to open and be displayed at login, which isn't really desirable

    2) Every Mac has to be touched to configure this

    and

    3) There's no way to update folder mappings without retouching every Mac
     
  8. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #9
    You can configure these remotely using Profile Manager or loading profiles on the Mac client with your favorite Mac software distribution tool or by running a Mac Server and using Workgroup Manager.
    This forum isn't really useful for enterprise Mac management questions. You ought to have a look at http://afp548.com and also http://www.macenterprise.org and the accompanying mailing list archives at http://lists.psu.edu/archives/macenterprise.html
     
  9. quackers82 macrumors 6502

    Joined:
    Mar 13, 2014
    #10
    Hi, I was in your position about 6 months ago. I manage over 700 Windows 7 PCs / laptops and we now have 50 Macs too.

    You need Profile Manager to do the equivalent of group policies on the Macs. On top of that you will want to get Munki up and running for pushing programs and updates out to them like Flash.

    Profile Manager comes as part of the Mavericks Server which is £20 from the App Store, you also get Time Machine Server with that which is the best backup solution for laptops by a mile, love it! Plus Update Server is handy for controlling the updates the Macs get, again you use Profile Manager to point the Macs to the server.

    Munki is a free bit of software made by Google (as they have 42,000 Macs deployed and needed tools to manage them). It's command-based, and just needs a server that's accessible via HTTP and SMB/AFP to work, very lightweight and useful.

    We also use Deploy Studio to push out our basic image which is free too.

    Once it's all up and running, managing the Macs is a breeze, and a lot less problematic than Windows; it's just a massive learning curve at the beginning. I would turn that Mac Mini into a Mac Server and get some additional Mac laptops for you to get to grips with how it all fits together.
     
  10. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #11
    Minor points of correction:
    Munki is developed by Greg Neagle. Google modified that and created Simian which is one of several tools they use to manage their systems.
    To run Munki, you need only a Mac to import your applications, and a web server to share them to client systems.
     
