Bound vs. Non-Bound AD Integration



What are the reasons you would go for a Non-Bound AD integration using a tool like the one from Apple Enterprise or this one I just came across:

We currently bind everything to AD within our Apple Environment, and rarely see an issue. I have noticed companies more and more lately going away from a full AD bind. Are there any real reasons for this?



Better, more consistent mapping of shares is one thing I can think of. Better functionality off campus is number 2.


Hi, I am just moving forward with unbinding my Macs from AD... We just completed rolling out NoMAD to help with AD Password/Keychain/Passwords...

The reason to not bind is that it doesn't really give your Mac any benefit... In a Windows environment, binding gives you a lot, like Group Policies and such... But in a Windows environment, it doesn't offer much...

This is a very high-level answer, but it's exactly what I am doing at my company now.


@jimderlatka I completely agree that AD doesn't do much at all for a Mac user... I don't think I want to be in the business of creating their local accounts though... I like that the AD bind does this for you with mobile account creation. I will have to do some testing around NoMAD to see what it can and can't do.

Thank you!


Depends on your company and its security policies, among other things. AD-bound machines have the advantage of the same passwords across all platforms for the users. Also don't have to go through manually creating accounts every time someone wants to log in, and it makes infosec happy because password expiry/requirements are enforced across the board. It's also nice that users don't have to manually log in when mapping a network share.

Disadvantages include random buggy things when Apple makes a change, logins taking very long when not connected internally, etc.


In our environment I was able to meet more of our policies not bound to AD.



I will definitely be evaluating NoMAD shortly in both a non-bound configuration and a bound configuration. It looks like they might bring some things to the table even if you are binding (probably similar to ADPassMon and KerbMinder).

Thank you all!