Active Directory Integration

slewis59
New Contributor

I manage a predominately Mac environment using network Home Directories in a one to many school environment. Running Mavericks Servers and Mavericks clients (happy to upgrade to Yosemite if there are clear advantages). I have to integrate our school with our Education Area's Active Directory database for authentication. Will manage client profiles and preferences on site using Casper.

What is the prevailing wisdom on the best way forward?
1. Bind Mac servers and clients directly to the Active Directory service, or
2. Set up a 'Magic Triangle' where Mac servers are bound to AD and clients are bound to both OD and AD?

Any views or advice about the advantages and disadvantages of either method greatly appreciated.

Steve

7 REPLIES

talkingmoose
Moderator

No need to include OD if you're planning to use Casper for management.

The Magic Triangle approach uses one directory service for Mac authentication and another directory service for Mac management only because the first (Active Directory) usually doesn't offer management capabilities. In your case, Casper is effectively the third angle of your Magic Triangle.

I suggest binding your OS X servers to Active Directory but that's only for authentication purposes and unrelated to any management.

Look
Valued Contributor III

As the Moose has said, OD seems pretty much unnecessary these days. Bind directly to AD for access and authentication and pretty much everything else is taken care of by Casper.

slewis59
New Contributor

Thanks guys. Your advice is much appreciated.

alexjdale
Valued Contributor III

Apple doesn't even talk about the magic triangle anymore and they discourage it. They're all about MDM now.

bentoms
Release Candidate Programs Tester

At my last role we used the Magic Triangle, but in my current role we deploy MCX & Profiles via the JSS only.

The nice thing about using the JSS for these is that it affords you greater flexibility as you can scope via Smart Groups.

acdesigntech
Contributor II

+1 on no OD. No reason for it anymore. I haven't touched an OD in years now, Casper handles everything as far as client management goes. MDM for the win!

davidacland
Honored Contributor II

Same from me. Golden triangles, cylinders of destiny (no, I'm not making that one up!), Workgroup Manager and managed preferences were really 10.6 and earlier. Config profiles, handled perfectly well with Casper, are Apple's preferred way these days.