AD Binding/Enterprise Connect/NoMAD matrix

MarkMelaccio
Contributor II

All,

Great to see such a great turnout for the Phoenix User Group.

As I mentioned after Chas and Ricky's presentation, there is a great page that goes through the pros and cons of binding vs Enterprise Connect or NoMAD.

It can be found here:

https://macadminsdoc.readthedocs.io/en/master/Integration/Active_Directory.html

3 REPLIES

tomhastings
Contributor II

Thank you for sharing this!
I am at a place where I have been fighting to get the policy of binding revisited because of all of the problems the end users are experiencing. They bind because Windows is bound, but there was no investigation into why a Mac needs to be bound. What are the problems they are trying to solve with binding? Every time I question binding, I'm told things like "you can't manage FileVault if they aren't bound" and many other strange reasons that no one is able to prove. On my first day I was handed a MacBook Pro that was bound, had ADPassMon and Enterprise Connect installed. Oh the humanity!

Sorry for the rant...

mm2270
Legendary Contributor III

Thanks for posting the link to the chart, Mark. This will come in handy with a current customer I'm working with who is waffling between binding/no binding. I'm working to convince them to stay away from it.

I have moved very strongly within the last year in the direction of not binding Macs to AD. I used to be the opposite, feeling that it was a necessary evil to get various functionality working correctly (and at one time that was true). Having been working with NoMAD on a few different projects though, I really don't see the need for this anymore. Even some of the things that we used to only be able to do with binding can now be taken care of with NoMAD or Enterprise Connect if they are set up correctly. In fact, it provides a superior experience to the end user.

All that, plus the fact that Apple tends to break AD integration with each OS release, and even when it's "fixed", AD-bound Macs just randomly end up falling off the domain for no explicable reason, is enough for me to recommend ditching it in favor of one of the above tools in its place.

hdsreid
Contributor III

I do not use mobile accounts (local through NoMAD Login), but I still bind the device. I cannot get Cisco Umbrella roaming client to play nicely without a bind if whitelist GPOs are going to work.