Bind to AD or not?

dyyuan
New Contributor

We've been binding our Macs (about 30) to AD since forever... But recently, I find that's causing more trouble for our help desk team: machines unbinding on their own, password changes causing keychain issues, remote users' machine passwords not updating / syncing, etc.

(also found out that IBM is not using any sort of directory service for their Macs...everyone is local and admin).

Even when it works "right", once a user logs in, he / she still needs to enter a username / password for mapped drives... and we push out printers directly... So I am not really sure what AD brings us at this point (other than password syncing, which doesn't work for our remote users).

Wonder if any of you have seen this?

thanks.

7 REPLIES

millersc
Valued Contributor

If your users are already Admins, then no need for AD. Especially the remote ones, just on the points you made.

B-35405
Contributor

Sounds like you would benefit from Enterprise Connect.

PDF with more info: https://www.jamf.com/jamf-nation/download/20bd34acf72f451d9a7f32dd33c5b638

chris_miller
Contributor

I agree with B-35405. Enterprise Connect will help with your password syncing woes. We use AD binding because all our services are synced and it makes user management much easier. Currently working on zero touch deployment leveraging AD binding and EC, but the users will all be admins. I don't see a downside in our environment. I like the security of DEP + AD authentication just to be able to set up the device. For some reason, a few of our users like to keep their equipment even after they move on to greener pastures. Totally blows my mind.

dyyuan
New Contributor

Thanks guys, I just called our Apple rep, and he quoted me $5000+install fee for this...
Might be a bit much for us at this point...

RyanDan
New Contributor II

We have had a few machines not allow users to log in recently although it says that it is still in the works domain, still picking up an IP address and still in Active Directory. It is resolved by removing from A/D and rebinding back into the domain. Why this is happening I do not know. Any suggestions?

chenhao2018
New Contributor

Remote user machine's password does not update / sync... we are facing it. It is resolved by removing from A/D and rebinding back into the domain.

rderewianko
Valued Contributor II

If we're commenting on this old thread, NoMAD is now in the mix; that's a great option for non-binding. It's a great option.
http://nomad.menu/