I am looking for everyone's thoughts, opinions, gotchas or other notable experience with the native AD directory service plugin on 10.9.
We currently use a third party plugin which we have some fairly extensive MCX policies scoped as GPO's in our AD environment. Migrating these to Casper would be a task, but not unbearable.
I am looking at the feasibility of slowly migrating over to native tools and would like your input on how that experience has been and what you have learned.
Main thoughts/concerns
- Access Control - Deny login for students on Staff Machines
- Administrative Access - Several Large Groups of Admin Users (Techs, building level support, etc) as well as one-off users who "need" admin rights.
- User Caching - Our Domain is not externally routable. Would need user credentials cached during summer break (roughly 180 days)
- Large Environment - Close to 70k users. We have some large groups with several thousand users. Any issues handling this?
- Login Troubleshooting - What do you use to track down "I can't login" type issues
We're testing a few machines here and there with our environment but I thought I would get the collective knowledge of the nation to see what areas we should focus our testing.
Edit: Also any issues with RODC's in the environment.
Thanks!
