Enterprise Apple environment

Posted on 2014-01-09
Last Modified: 2014-01-09
I have been tasked with starting a project to deliver an apple based infrastructure to a group of around 45-50 users. Hardware including desktops,laptops and ipads. What i am looking for is how to tie them all together get them integrated with Active directory how to deploy updates and software to them etc...

any advice or links would be great

Question by:davidm27
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 25

Assisted Solution

by:Zephyr ICT
Zephyr ICT earned 100 total points
ID: 39767893

Regarding updates, software, policies etc ... I'd suggest using the MAC OS X server version to manage all your Apple devices.

The server guides:

Using Configuration profiles:

Some other interesting info:

As for Active Directory, you can connect your Apple environment to Active Directory, it can be a challenge, you can find more info here:

The files aren't always up to date but should get you started ...
LVL 40

Accepted Solution

Eoin OSullivan earned 400 total points
ID: 39768291
OSX 10.9  Server edition is a simple upgrade purchased for $20 on the Apple App Store once you have the standard OSX install on any device.

There are lots of postings here on EE about integrating Macs with OSX Server into larger Windows AD environments.

If you're deploying lots of identical iPads and Mac Laptops .. you might want to look at something like a deployment tool

For deploying apps to an already setup network of running devices

Integrating OSX and Windows is a bit of a headache and if you're under pressure or time constraints and have a budget .. I've seen a lot of IT admins use Centrify to manage the whole thing smoothly but bear in mind that OSX has fairly good AD integration included .. it just needs a fair bit of knowledge and tweaking
or the basic version here

Finally .. there are a range of tools included from Apple to deploy and manage iOS devices and manage OSX devices for OSX laptops and desktops for iOS devices

Author Closing Comment

ID: 39768353
great guys Thanks
LVL 29

Expert Comment

ID: 39768370
OSX server mainly allows you to have Open Directory with some user account profiles.  If you use OD, then you'll have to maintain accounts that are separate from AD.  With only 45-50 systems, you can also just enable Remote Login in Sharing and use ssh to install software and run softwareupdates and other scripts.

Although I've taken a look, I never got around to using Deploystudio or any other tools manage OSX.  I took the unix command line route and had plenty of success.  Well, it hasn't hindered me enough to push me into looking at other solutions.  I've even used Apple Remote Desktop for a little bit at one place I've been at, but went back to command line tools because I found them quicker to do for the vast majority of things.

To Join a Mac to Active Directory, you only have to open System Preferences, Select Users& Groups,   Click on Login, Options.  Click on Join for the Network Account Server and enter the AD server.  It will prompt you for an account and password that allows you to join the domain.

You should learn some basic bash scripting and the following commands that are unique to OSX to get you most of the way.

softwareupdate is the command line version of Apple Update used to patch OSX.  Until recently, the GUI required a reboot of your system after patching, even with patches that didn't really require a reboot.  The command line version allowed you to patch without forcing a reboot until you're ready.  You could also patch just the updates that didn't need a reboot and not reboot your system.

installer is used to install software packages in the .mpkg or .pkg formats.

ditto command for zipping and unzipping files or copying directories from one location to another.  Although it's not necessary now, ditto keeps the resource fork information which was needed on older binaries.  I still use it out of habit.  You could probably use plain old cp -r or rsync to copy them now that they've deprecated the resource forks.  This is equivalent to robocopy.exe with an extra feature to zip files.  Unix/linux people still use rsync and tar, but those utilities lost the resource fork information. The newer rsync may support resource forks now, but that's after they deprecated the use of resource forks in new packages.

hdiutil is used to mount and unmount dmg files so that you can run installer on the packages in them.

defaults manages the system and user profile settings.  This is equivalent to managing the registry on windows with the reg command in Powershell or the DOS Prompt.

OSX App packages come in 2 forms, either packages where you need to run installer or you just copy them from the dmg file to /Applications/.  This will get 95%-99% of the packages.  There are a few things like Adobe products that will only install from the GUI unless you sign up for the redistribution license to get their repackaging utility.  It's a pain to have to repackage them just to install them.

You can also manually configure user accounts with dscl, if you aren't using Open Directory.  There are a lot of unix command line utilities available to do just about everything.  You could also use Apple Remote Desktop, if you need to manage it via the GUI, but scripting command line tools is so much easier, and saves time, when you have a lot of systems.

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question