Mailing Lists: Apple Mailing Lists


Using Workgroup Manager with Active Directory?



Background:

Our university uses Active Directory to manage users and Windows boxes. Currently, any department or group that wants to manage Macs needs to set up and maintain their own OD server to supplement AD. Our group's Macs bind to both AD and our own OD via the LDAP plug-in. The problems with this setup include no unique UIDs from AD and, although we are able to, smaller departments or groups that can't afford to or don't know how to set up an OD server are locked out. So I'm looking into using the AD plug-in and having the Apple schema added to AD so Macs could be managed in AD just like the Windows boxes are without having to support an additional OD.

Here's how I envisioned it (this is assuming that the AD has had the apple.schema added to it):
1. On a Mac OS X client machine, admins would bind it to AD using the AD plug-in.
2. Using Workgroup Manager on the client, the admin could get to AD by using the View Directories function (http://docs.info.apple.com/article.html?artnum=25760).
3. From here the admin could authenticate to the directory as a user with the rights to create group and computer objects and would be able to set specific MCX preferences.


Now I've seen some items that indicate that you can't use Workgroup Manager to add/change/delete objects in AD and need to use a modified version of Active Directory Users & Computers on a Windows box (http://www.shukwit.com/). If this is the case, then I'll have to look into some other solutions that would be easier for everyone to use (ADmitMac site license or hybrid AD/OD environment where we set up/maintain the OD servers for everyone to use). shukwit.com doesn't seem to be up to date and focuses more on Jaguar (I didn't see any mention of Panther or the Active Directory Plug-In), so I'm wondering if the info on there is still valid. I also found this Apple KB article (http://docs.info.apple.com/article.html?artnum=151450) that says you can use WGM to change and delete objects, but you'd have to use a Windows box to add objects.

Questions:

1. Is anyone using Active Directory with the Apple schema added to it?
2. If so, are you using Workgroup Manager to manage the group and computer lists?
3. Is it possible to use WGM with AD in the way I've mentioned above?


Thanks for any feedback anyone can provide.

--
John Anthony Grigutis
User Support Specialist III
Apple Certified System Administrator (ACSA)
Indiana University : UITS : STC : Macintosh/Unix Team

Client-management mailing list      (email@hidden)