macbook for end users on predominantly windows network/AD environment

can macbooks/apple macs be joined to a windows AD domain and used by end users in the same way as a domain joined windows 10 laptop?

Or would there typically be an additional application on the macbook installed to allow connectivity to the domain, e.g. file servers and applications, and the devices not directly added to a companies AD? I'm a tad confused how these devices would be managed, as I don't suspect you can deploy group policies to macs for example to lock down USB ports etc, as you can with windows devices.
Who is Participating?
William FulksSystems Analyst & WebmasterCommented:
The simple answer to your question is yes, but the process is not simple. You CAN join a Mac to a domain but it requires a bit of manual configuration to make it point to the domain controller.

As for GPO stuff, you have to install an add-on like Centrify which enables MAC OS options for setting group policies. It's not free, though.

Here's an article from Apple on AD integration for Macs -
Qian BaoDigital Media Specialist and Web DesignerCommented:
Macs can be joined to the domain without additional software for SSO authentication.  A Computer Object will be created in AD.  Be aware that you will occasionally lose binding to AD and will have to rebind the Mac, especially if it's a laptop that's frequently taken off site.

If you want group policy like control, you will have to spend money on Centrify, or AdmitMac, or PowerBroker.  There are  a few others, but these are the top ones.

If you just want to manage Macs, you can use JAMF (nee Casper Suite) and manage Mac connections to Windows services without having to Join the domain.
Qian BaoDigital Media Specialist and Web DesignerCommented:
Best solution provided.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.