Enterprise Apple environment

Posted on 2014-01-09
Medium Priority
Last Modified: 2014-01-09
I have been tasked with starting a project to deliver an apple based infrastructure to a group of around 45-50 users. Hardware including desktops,laptops and ipads. What i am looking for is how to tie them all together get them integrated with Active directory how to deploy updates and software to them etc...

any advice or links would be great

Question by:davidm27
LVL 25

Assisted Solution

by:Zephyr ICT
Zephyr ICT earned 400 total points
ID: 39767893

Regarding updates, software, policies etc ... I'd suggest using the MAC OS X server version to manage all your Apple devices.

The server guides: http://www.apple.com/osx/server/resources/documentation.html

Using Configuration profiles: http://training.apple.com/pdf/wp_osx_configuration_profiles_ml.pdf

Some other interesting info: http://www.training.apple.com/pdf/wp_self_support.pdf

As for Active Directory, you can connect your Apple environment to Active Directory, it can be a challenge, you can find more info here: http://training.apple.com/pdf/wp_integrating_active_directory_ml.pdf

The files aren't always up to date but should get you started ...
LVL 41

Accepted Solution

Eoin OSullivan earned 1600 total points
ID: 39768291
OSX 10.9  Server edition is a simple upgrade purchased for $20 on the Apple App Store once you have the standard OSX install on any device.

There are lots of postings here on EE about integrating Macs with OSX Server into larger Windows AD environments.

If you're deploying lots of identical iPads and Mac Laptops .. you might want to look at something like a deployment tool

For deploying apps to an already setup network of running devices

Integrating OSX and Windows is a bit of a headache and if you're under pressure or time constraints and have a budget .. I've seen a lot of IT admins use Centrify to manage the whole thing smoothly but bear in mind that OSX has fairly good AD integration included .. it just needs a fair bit of knowledge and tweaking
or the basic version here

Finally .. there are a range of tools included from Apple to deploy and manage iOS devices and manage OSX devices
http://www.apple.com/remotedesktop/ for OSX laptops and desktops
http://www.apple.com/iphone/business/it/management.html for iOS devices

Author Closing Comment

ID: 39768353
great guys Thanks
LVL 31

Expert Comment

ID: 39768370
OSX server mainly allows you to have Open Directory with some user account profiles.  If you use OD, then you'll have to maintain accounts that are separate from AD.  With only 45-50 systems, you can also just enable Remote Login in Sharing and use ssh to install software and run softwareupdates and other scripts.

Although I've taken a look, I never got around to using Deploystudio or any other tools manage OSX.  I took the unix command line route and had plenty of success.  Well, it hasn't hindered me enough to push me into looking at other solutions.  I've even used Apple Remote Desktop for a little bit at one place I've been at, but went back to command line tools because I found them quicker to do for the vast majority of things.

To Join a Mac to Active Directory, you only have to open System Preferences, Select Users& Groups,   Click on Login, Options.  Click on Join for the Network Account Server and enter the AD server.  It will prompt you for an account and password that allows you to join the domain.

You should learn some basic bash scripting and the following commands that are unique to OSX to get you most of the way.

softwareupdate is the command line version of Apple Update used to patch OSX.  Until recently, the GUI required a reboot of your system after patching, even with patches that didn't really require a reboot.  The command line version allowed you to patch without forcing a reboot until you're ready.  You could also patch just the updates that didn't need a reboot and not reboot your system.

installer is used to install software packages in the .mpkg or .pkg formats.

ditto command for zipping and unzipping files or copying directories from one location to another.  Although it's not necessary now, ditto keeps the resource fork information which was needed on older binaries.  I still use it out of habit.  You could probably use plain old cp -r or rsync to copy them now that they've deprecated the resource forks.  This is equivalent to robocopy.exe with an extra feature to zip files.  Unix/linux people still use rsync and tar, but those utilities lost the resource fork information. The newer rsync may support resource forks now, but that's after they deprecated the use of resource forks in new packages.

hdiutil is used to mount and unmount dmg files so that you can run installer on the packages in them.

defaults manages the system and user profile settings.  This is equivalent to managing the registry on windows with the reg command in Powershell or the DOS Prompt.

OSX App packages come in 2 forms, either packages where you need to run installer or you just copy them from the dmg file to /Applications/.  This will get 95%-99% of the packages.  There are a few things like Adobe products that will only install from the GUI unless you sign up for the redistribution license to get their repackaging utility.  It's a pain to have to repackage them just to install them.

You can also manually configure user accounts with dscl, if you aren't using Open Directory.  There are a lot of unix command line utilities available to do just about everything.  You could also use Apple Remote Desktop, if you need to manage it via the GUI, but scripting command line tools is so much easier, and saves time, when you have a lot of systems.

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
While there are many new features for iOS 11, these are the five that can improve your digital lifestyle.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question