- Jamf Nation Community
- Products
- Jamf Pro
- Re: Bind to AD or not?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Bind to AD or not?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-17-2016 10:21 AM
We've been binding our Macs (about 30) to AD since forever....But recently, I find that's causing more trouble for our help desk team: machine unbinding on their own, password change causing keychain issues, remote user machine's password does not update / sync etc...
(also found out that IBM is not using any sort of directory service for their Macs...everyone is local and admin).
Even when it works "right", once user logs in, he / she still needs to enter username / password for map drives...and we push out printers directly...So I am not really sure what AD brings us at this point...(other than password syncing, which doesn't work for our remote users)
Wonder if any of you have seen this?
thanks.
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-17-2016 10:38 AM
If your users are already Admins, then no need for AD. Especially the remote ones, just on the points you made.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-17-2016 10:39 AM
Sounds like you would benefit from Enterprise connect.
PDF with more info: https://www.jamf.com/jamf-nation/download/20bd34acf72f451d9a7f32dd33c5b638
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-17-2016 11:15 AM
I agree with, B-35405. Enterprise Connect will help with your password syncing woes. We use AD binding because all our services are synced and it makes user management much easier. Currently working on zero touch deployment leveraging AD binding and EC, but the users will all be admins. I don't see a down side in our environment. I like the security of DEP + AD authentication just to be able to set up the device. For some reason, a few of our users like to keep their equipment even after they move on to greener pastures. Totally blows my mind.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-17-2016 01:39 PM
Thanks guys, I just called our Apple rep, and he quoted me $5000+install fee for this...
Might be a bit much for us at this point...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-18-2016 07:37 AM
We have had a few machines not allow users to log in recently although it says that it is still in the works domain, still picking up an IP address and still in Active Directory. It is resolved by removing from A/D and rebinding back into the domain. Why this is happening I do not know. Any suggestions?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-23-2018 07:35 PM
Remote user machine's password does not update / sync.....we are facing it..it is resolved by removing from A/D and rebinding back into the domain.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-26-2018 03:36 PM
If we're commenting on this old thread. NoMAD is now in the mix that's a great option for non binding. It's a great option
http://nomad.menu/
Reply
