Hello Jamf Pro peers!
Fresh off the boat Mac user here. Are there any comparable tools to the Active Directory Users and Computers snap-in from Windows available on macOS Catalina and above?
Thanks in advance!
Solved
Any good tools for doing Active Directory work from a Mac?
+6Best answer by cbrewer
Your best tool is going to be a Windows virtual machine or RDP session.
+17You'll probably run rapidly into its limits, but start with the Directory Editor tab in Directory Utility, located at /System/Library/CoreServices/Applications/ on Catalina.
+14I've used Apache Directory Studio for some basic AD lookups and record purges (requires an installed JDK). Depends on what specific features you need tho.
+8https://support.apple.com/guide/directory-utility/configure-domain-access-diru11f4f748/mac
also, some of these are OD specific, but, here is a list of directory service related binaries to check out:
dscacheutil
dscl
dsconfigad
dsconfigldap
dseditgroup
dsenableroot
dsexport
dsimport
dsmemberutil
+12Kind of depends on what you want/need and what your AD Team and CISO are willing to tolerate.
We use tools from ManageEngine for monitoring and troubleshooting user issues, but for actually managing users, we RDP to a CISO approved hosted VM that has AD tools installed, using elevated credentials, limited access, etc. Field support staff are not allowed to use any other system other than that for user management, and even then there are strict controls and monitoring in place.
+6Thanks for the feedback guys. I believe I will just RDP into a system that stays online, and connected in the office for administrative AD tasks.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.