MAC os X and Active directory 1

[jim532]

Does the MAC and Windows Active Directory play well together. I have a couple MACs in our dept and When we roll out Active Directory and Exchange I'll need to allow the MAC users to access email and and access shared files from a network drive.
I'm really just looking fo r some input on this before I try to tackle this blindly.

 

[zephyran]

We're running AD on a mixed 2000/2003 platform, and just recently introduced a Mac to our network.

I know that OS X 10.4 has built-in direct support for Active Directory, and in our testing, it has worked reasonably well. The Directory Setup tool is in /Applications/Utilities, and allows you to basically add the client to the domain in a very similar manner to adding a Windows 2000 or XP client (with a few extra options available). Once it's a domain member, you can log in with any domain account and the Mac treats it like a local account (with a local OSX-type profile). If the account has a Home Directory configured, it will place a shortcut to this at the bottom of the screen.

To access Windows file servers, you need to make sure that the servers are set up (through either Local or Group Policy) so that the following Local Security policy:

Microsoft network server: Digitally sign communications (always)

is disabled. Once you've done that, you can use OSX's Samba client (via command-K) to access the shares on those servers. By default, it should use the username and password with which you logged on, and will prompt you for a separate login if that account has not been granted access to the share.

Supposedly, Entourage (from the MS Office 2004 suite) gives decent access to Exchange (like Outlook), though I haven't yet tested this. Outlook Web Access works just fine in Safari or Firefox, though with fewer features than if it is used on IE.

Does this help?

 

[zoeythecat]

Magpie,

I can't speak for Jim but I can tell you this is good info. I work for a school and we have a Windows2003 native Active Directory environment. We have several MacIntosh (OX10 mostly) on our network. The way they connect to the network is by logging in via their local user account and manually connecting to their apple shares via the "Connect to Server" option. We do not see any of these workstations in Active Directory Users and Computers. Do you think configuring the macs with this Directory Setup tool will allow me to view these computers from Active Directory Users and Computers?

Thanks,
Zoey

 

[zephyran]

Yes, it will. When you use the Directory Setup tool in 10.4, it automatically creates an account for that computer in the domain (just as if you were joining a Wndows PC to the domain). Even better, when you look at that computer's account in AD Users & Computers, it lists the computer's OS as "Mac OS X" and whichever version it's running.

Versions of OS X before 10.4 (10.3 for sure, and maybe 10.2 and earlier) also have Active Directory capability, but it's a little more cumbersome to set up. For them, you need to configure LDAP access through an LDAP Configuration tool (still in /Applications/Utilities, I think) and must adjust a few more options, but it should still work. I don't have direct experience with that, but there's plenty of documentation on the Web for those older versions.

 

[zoeythecat]

Thanks for the info.