Qa3admin
asked on
Binding Leopard 10.5.3 with Active Directory
I need to know the best way to integrate Leopard with Active directory.
I would prefer not extending the AD schema if possible. However I will if necessary.
I have read about several different methods. What do you guys recommend?
I would prefer not extending the AD schema if possible. However I will if necessary.
I have read about several different methods. What do you guys recommend?
jhyiesla
I've added my Mac to my Active directory environment simply by using the Directory Utility in Applications - Utilities.
ASKER
This will add directory services. Are you logging in using a AD account. Are you able to control the User account through AD? Are you able to mount network folders?
Yes.
When I boot my Mac and get to the login screen I see the local Mac user. If I wait for a few seconds another user called Other gets added. I click on him and then enter in my AD name and password and I log into the Mac. This is the same AD account that I use in my Domain Windows machines. We're a Windows shop mostly and so this is just my normal AD account. My account shows up in Accounts System preferences as a network admin. I can mount network folders by using the Go to Server from Finder. I've even written a small applescript to do this for me and added it to my login items. PLEASE NOTE::: the login items in Account system preferences ONLY works if you have upgraded to 10.5.3. Previous releases have bug that cause this to hang.
When I boot my Mac and get to the login screen I see the local Mac user. If I wait for a few seconds another user called Other gets added. I click on him and then enter in my AD name and password and I log into the Mac. This is the same AD account that I use in my Domain Windows machines. We're a Windows shop mostly and so this is just my normal AD account. My account shows up in Accounts System preferences as a network admin. I can mount network folders by using the Go to Server from Finder. I've even written a small applescript to do this for me and added it to my login items. PLEASE NOTE::: the login items in Account system preferences ONLY works if you have upgraded to 10.5.3. Previous releases have bug that cause this to hang.
ASKER
Can you provide the applescript? Also can you point to a step by step process as to how to do this?
If it is this simple why is there mass forums and 3rd party apps for accomplishing this?
If it is this simple why is there mass forums and 3rd party apps for accomplishing this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I also need to stress that I am doing this Leopard on a workstation NOT Leopard Server.
ASKER
Thanks. If you happen to find the step by step send it to rwagner@qa3.com
Again thanks for your time
Again thanks for your time
I don't think this is the document that I used, but it's pretty complete.
http://www.markwilson.co.uk/blog/2008/02/using-active-directory-to-authenticate-users-on-a-mac-os-x-computer.htm
http://www.markwilson.co.uk/blog/2008/02/using-active-directory-to-authenticate-users-on-a-mac-os-x-computer.htm
This solution works but does not give you access to the mac os x computer management feature (MCX see: group policy for mac)
A solution such as thursby's admitmac will allow you to configure those settings using apple workgroup manager and store them in a file in the windows server without extending the active directory schema. you do not need to purchase a copy of mac os x server but note all feature may not behave the same as with mac os x server, when you install thursby's software on the directory controller just download apple server management tools and connect to the active directory tree
other solutions include centrify which is aimed at larger businesses
if you decide to integrate your macs with only the directory utility please note you will be unable to manage them using MCX
AD integration best pratices from apple: images.apple.com/itpro/pdf
How to support mac in a an AD environment computer world: http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9013039
A solution such as thursby's admitmac will allow you to configure those settings using apple workgroup manager and store them in a file in the windows server without extending the active directory schema. you do not need to purchase a copy of mac os x server but note all feature may not behave the same as with mac os x server, when you install thursby's software on the directory controller just download apple server management tools and connect to the active directory tree
other solutions include centrify which is aimed at larger businesses
if you decide to integrate your macs with only the directory utility please note you will be unable to manage them using MCX
AD integration best pratices from apple: images.apple.com/itpro/pdf
How to support mac in a an AD environment computer world: http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9013039