We've been binding our Macs (about 30) to AD since forever... But recently, I find that's causing more trouble for our help desk team: machines unbinding on their own, password changes causing keychain issues, remote users' machine passwords not updating / syncing, etc.
(Also found out that IBM is not using any sort of directory service for their Macs... everyone is local and admin.)
Even when it works "right", once a user logs in, he / she still needs to enter a username / password for mapped drives... and we push out printers directly... So I am not really sure what AD brings us at this point... (other than password syncing, which doesn't work for our remote users)
Wonder if any of you have seen this?
I agree with B-35405. Enterprise Connect will help with your password syncing woes. We use AD binding because all our services are synced and it makes user management much easier. Currently working on zero touch deployment leveraging AD binding and EC, but the users will all be admins. I don't see a downside in our environment. I like the security of DEP + AD authentication just to be able to set up the device. For some reason, a few of our users like to keep their equipment even after they move on to greener pastures. Totally blows my mind.
We have had a few machines not allow users to log in recently although it says that it is still in the works domain, still picking up an IP address and still in Active Directory. It is resolved by removing from A/D and rebinding back into the domain. Why this is happening I do not know. Any suggestions?