Endaar
Posted - 03/29/2012 : 2:28:15 PM
|
Hi All,
I'm in K-12, which means every year or so someone in administration gets the bright idea to start bringing in Macs. I'm hearing rumblings again in this direction, so I figured I'd ask... what's the current state of Mac integration with AD/NTFS/etc.?
Can they authenticate against AD? Any schema changes necessary?
Can they read/write NTFS? Is that fully supported? Anyone have experience with it?
Etc..etc...
Thanks, James
|
aval
Posted - 03/29/2012 : 5:18:14 PM
|
quote: Can they authenticate against AD? Any schema changes necessary?
Yes. No schema upgrade necessary - although you can perform one to add some Mac objects or attributes to the schema. I did not opt for this approach so I don't have any specifics.
The only problem I encountered was the fact that you set up authentication in different places for OS 10.4 and OS 10.7 so the directions I had for the first did not apply for the second (not sure about 10.5 and 10.6).
But it went surprisingly well for the first two Macs (one 10.4 and one 10.7).
quote: Can they read/write NTFS? Is that fully supported? Anyone have experience with it?
No problem with that over the network. With the OS 10.4 machine, when the user logs on, the home folder opens as a window on - or in front of - the desktop. Almost better than native Windows.
I would recommend creating the computer account in AD first - which you may do for PC clients as well.
Group Policy? It looks like you need 3rd party software for this or throw a Mac server in the mix. That is supposed to create some sort of "magic triangle" with the Mac server emulating group policy more or less for the Mac clients. I decided we could do without Group Policy applying to the Macs so I cannot confirm or deny the validity of this option.
If you google/bing for macintosh active directory integration or OS X AD integration (you can try different terms), there should be quite a bit out there.
 |
Endaar
Posted - 03/30/2012 : 09:01:20 AM
|
Thanks for the info. Read the Technet link and it was helpful.
I'm really not clear on the NTFS support though. I have done a lot of searching, and almost everything I see talks about 3rd party drivers for NTFS. Yes there seems to be some built-in ability to read/write NTFS in the most recent couple of versions of OSX, but there are reports of instability, data corruption, inability to write to external HDDs, etc.
Just don't know what to make of this.
James
 |
Rastor728
Posted - 03/30/2012 : 11:13:20 AM
|
In my tenure as a K-12 Administrator, the biggest problem in file shares and AD integration was that many Macintosh users include punctuation in file and folder names, such as question marks, exclamation points, percent signs, slashes, double slashes, etc.
Things like that don't play well between the formats.
Ever since OS 10.2 and 10.3 the AD integration worked pretty well when creating and assigning network home folders for desktop computers. Roaming profiles and offline files for portable Macs were a little more tricky.
Especially if you have users alternating back and forth between the two systems on a daily or regular basis.
What would Clark Kent do to someone who stole his identity?
 |
aval
Posted - 03/30/2012 : 11:41:40 AM
|
quote: I'm really not clear on the NTFS support though. I have done a lot of searching, and almost everything I see talks about 3rd party drivers for NTFS. Yes there seems to be some built-in ability to read/write NTFS in the most recent couple of versions of OSX, but there are reports of instability, data corruption, inability to write to external HDDs, etc.
This is writing to a mapped (NTFS) drive over the network?
To be honest, I've tested it with a couple documents and they seemed to save OK and I was able to open them. I only have one user that might do this on a day-to-day basis and she has not mentioned any problems - so far.
 |
Endaar
Posted - 03/30/2012 : 11:43:25 AM
|
quote: This is writing to a mapped (NTFS) drive over the network?
Correct, although I've also seen comments about NTFS on external (local) HDDs.
 |
Rastor728
Posted - 03/30/2012 : 1:10:55 PM
|
One place I found with some of the "old" hints and looks like some new articles is www.macwindows.com/adinstruct.html
 |
Btil Entrails
Posted - 05/01/2012 : 5:56:43 PM
|
Support of Windows AD (2003 Server) / Mac OD (AD/OD) environments was no issue, until Apple decided to stop creating a true server that would allow you to point AD user profiles to the AFP or Mac storage. I know that Apple sells a little cube that they are calling a server device today, but it is not the same as was used in the past.
We still have this configuration up and running and it will support our school for a couple more years. Can only hope that Apple decides to move back into a true solution of supporting Apple laptops / workstations in a school or corporate world with real management tools that are seeing support and integration with Windows AD, but I will not hold my breath for this one.
Since Apple has moved away from any type of support or machine management, a third party vendor is the solution that Apple sales staff is pushing for schools and I know it is being used in the corporate world as well. Not a user, just offering some direction to make life better. http://www.jamfsoftware.com/
Chris
"It takes a big man to cry, but it takes a bigger man to laugh at that man." Jack Handy quotes (American Writer and cast member of Saturday Night Live from 1991-2003. Famous for his Deep Thoughts comedy sketches.)
 |
Rastor728
Posted - 06/04/2012 : 10:35:00 AM
|
http://www.apple.com/macosx/server/
http://www.apple.com/remotedesktop/
This tool is for remote management and monitoring of OS X workstations/servers, including application deployment and profile management (it can also use VNC to Windows workstations if installed as well), and is not like Windows Remote Desktop (Remote Desktop Services).
If you are going to try Windows Active Directory Integration (Network home folders, Windows File Shares etc), getting at least one OS X Server system up and running with Apple Remote Desktop will give you the best tools to start with.
http://www.macwindows.com/adinstruct.html
Will give you some other items to configure and other configuration help from Microsoft and Apple.
 |
JQuinn
Posted - 10/02/2012 : 08:26:31 AM
|
Just my two cents:
We bind all of our Macs to our AD mostly without issue. I say that because for several users on 10.7 their Windows home drive comes up with a "no" sign on it although permissions are set properly. Besides that we have 100 Macs all accessing Windows file servers without issue. We are in the process of migrating off of a Mac server to a Windows cluster with ExtremeZ-IP installed, which lets the Mac clients speak native AFP to the Windows file servers, a very helpful product. It will still let them color their folders and use the illegal characters that Windows would throw up on.
I believe there is also a product called Centrify which helps with AD as well.
HTH, James
 |
|
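A check for the file-name problem Rastor728 and JQuinn describe above, as an added example that is not part of any post in this thread: it flags names that Win32 rejects (reserved characters, control characters, trailing space or dot, reserved device names) before Mac-created folders are copied to a Windows file share. The function names and the sample names are constructed for illustration.

```python
import os
import re
import sys

# Characters Win32 does not allow in a file or folder name.
RESERVED_CHARS = set('<>:"/\\|?*')
# Device names Win32 reserves, with or without an extension.
RESERVED_NAMES = re.compile(r"^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(\..*)?$", re.IGNORECASE)

# Constructed sample names, used when no directory is given on the command line.
SAMPLE_NAMES = ["Budget 100%!.xls", "Who is late?.doc", "9:12 notes ", "aux.txt"]


def windows_name_problems(name):
    """Return the reasons `name` is not a valid Win32 file or folder name."""
    problems = []
    bad = sorted({c for c in name if c in RESERVED_CHARS})
    if bad:
        problems.append("reserved characters: " + " ".join(bad))
    if any(ord(c) < 32 for c in name):
        problems.append("control character")
    if name.endswith((" ", ".")):
        problems.append("trailing space or dot")
    if RESERVED_NAMES.match(name):
        problems.append("reserved device name")
    return problems


def scan(root):
    """Walk `root` and return {path: problems} for every offending entry."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            problems = windows_name_problems(name)
            if problems:
                findings[os.path.join(dirpath, name)] = problems
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = scan(sys.argv[1])
    else:
        results = {n: windows_name_problems(n) for n in SAMPLE_NAMES}
    for path, problems in sorted(results.items()):
        print(f"{path}: {'; '.join(problems) or 'ok'}")
```

On OS X a slash typed into a Finder name is stored as a colon at the POSIX layer, so the scan reports it as `:`.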