iPads, Active Directory, and the Enterprise

Discussion in 'iPad' started by MacDann, Dec 12, 2010.

  1. MacDann macrumors 6502a


    Mar 27, 2007
    Can see the end of the Earth from here
    I have been charged with writing a proposal to adopt iPads into our enterprise environment that is currently 100% Windows (Primarily XP but slowly migrating to Windows 7.)

    This is a K-12 education environment, and the proposed adoption is for student use.

    We currently use Active Directory for authentication, control and management of our hardware and user accounts.

    As I look over the documentation from Apple in their business white papers, I see mention of the use of certificates, but little or nothing relating to Active Directory.

    If anyone here is currently using an iPad in an AD environment, I would like to hear about their experiences. I have people on staff who are familiar with the use of certificates, so I don't see that being a problem. What does concern me is the security aspect, especially authentication and the control of devices and updates that we currently perform through the use of group policies and AD.

    Thanks in advance for the help,

  2. tunerX Suspended


    Nov 5, 2009
    The iPad is a standalone device. There isn't a way to tie it into a proprietary directory service like Active Directory.

    Once the user has access to the UI they have complete control of the device unless you have apps and such that allow the use of passwords. Again those passwords will be single user.

    You can use some functions of LDAP and tie that in with MS LDAP for basic directory services but nothing as holistic as AD and group policy management. Your only safety would be using content filtering appliances, firewalls, and keeping the iPad infrastructure isolated from the enterprise core aside from certain ports and protocols.
  3. MacDann thread starter macrumors 6502a


    Mar 27, 2007
    Can see the end of the Earth from here
    Based on what I have been able to determine at this point, you have confirmed my fears. With no multiple user capabilities, nor the ability to authenticate through AD, these things are going to be a real handful to manage. Granted, they are being proposed to be deployed at one site only, which would make management a *little* easier, but the problems created by these issues are really going to make them a totally separate environment, or so it would seem.

    Thanks a bunch - you have aggregated a lot of issues into one document.


  4. PhoneI macrumors 68000

    Mar 7, 2008
    If you are using ActiveSync to sync your iPad devices to a corporate Exchange email system, you will need to enable the users in Active Directory to complete the sync.

    In addition, you can require user account credentials if you are connecting to a corporate wireless infrastructure.
  5. JS207 macrumors newbie

    Mar 17, 2012
    iPad / Active Directory integration now available

    I just noticed that there is a new free offering out there called Centrify Express for mobile that integrates iPads and iPhones into Active Directory (i.e., they join the domain like a Win or Mac system) and you get AD authentication, group policies for iOS settings, use ADUC to wipe/lock devices, etc. You might want to check it out here https://www.centrify.com/mobile/free-mobile-device-security-management.asp .... I read about it on cultofmac here http://www.cultofmac.com/146569/cen...windows-it-pros-and-does-it-for-free-feature/
  6. Bankerts macrumors member

    Sep 8, 2008
    Have no fear. Use an MDM provider like MobileIron or AirWatch which talks to your AD. Close down your Exchange and wireless so they need certificate-level authentication and push the certificates via MDM.

    Works great for the 8000+ iDevices my company has deployed.
  7. mattpreston11 macrumors 6502a

    Nov 9, 2007
  8. russmcintire macrumors newbie

    Jan 17, 2013
    Do you or your company have any documentation for setting this up? We are exploring this and are not sure how to proceed.
  9. Ratatapa macrumors 6502a

    Apr 3, 2011
    We used iPads in our environment (car sales)

    They go into the backyard with the customer, then from Wi-Fi they RDP into the server to calculate the price in front of the client
