Bind to AD or not?

New Contributor

We've been binding our Macs (about 30) to AD since forever... But recently, I find that's causing more trouble for our help desk team: machines unbinding on their own, password changes causing keychain issues, remote users' machine passwords not updating / syncing, etc...

(Also found out that IBM is not using any sort of directory service for their Macs... everyone is local and admin.)

Even when it works "right", once a user logs in, he / she still needs to enter username / password for mapped drives... and we push out printers directly... So I am not really sure what AD brings us at this point... (other than password syncing, which doesn't work for our remote users)

Wonder if any of you have seen this?



Valued Contributor

If your users are already Admins, then no need for AD. Especially the remote ones, just on the points you made.


Sounds like you would benefit from Enterprise Connect.

PDF with more info:


I agree with B-35405. Enterprise Connect will help with your password syncing woes. We use AD binding because all our services are synced and it makes user management much easier. Currently working on zero touch deployment leveraging AD binding and EC, but the users will all be admins. I don't see a downside in our environment. I like the security of DEP + AD authentication just to be able to set up the device. For some reason, a few of our users like to keep their equipment even after they move on to greener pastures. Totally blows my mind.

New Contributor

Thanks guys, I just called our Apple rep, and he quoted me $5000+install fee for this...
Might be a bit much for us at this point...

New Contributor II

We have had a few machines not allow users to log in recently although it says that it is still in the works domain, still picking up an IP address and still in Active Directory. It is resolved by removing from A/D and rebinding back into the domain. Why this is happening I do not know. Any suggestions?

New Contributor

Remote user machine's password does not update / sync.....we are facing is resolved by removing from A/D and rebinding back into the domain.

Valued Contributor II

If we're commenting on this old thread: NoMAD is now in the mix, and that's a great option for non-binding. It's a great option.