Bound vs. Non-Bound AD Integration

Kedgar
Contributor

Hello,

What are the reasons you would go for a Non-Bound AD integration using a tool like the one from Apple Enterprise or this one I just came across: https://www.nomad.menu

We currently bind everything to AD within our Apple Environment, and rarely see an issue. I have noticed companies more and more lately going away from a full AD bind. Are there any real reasons for this?

6 REPLIES

blackholemac
Valued Contributor III

Better, more consistent mapping of shares is one thing I can think of. Better functionality off campus is number 2.

jimderlatka
Contributor

Hi, I am just moving forward with unbinding my Macs from AD... We just completed rolling out NoMAD to help with AD Password/Keychain/Passwords...

The reason to not bind is that it doesn't really give your Mac any benefit... In a Windows environment, binding gives you a lot, like Group Policies and such... But in a Windows environment, it doesn't offer much...

This is a very high-level answer, but it's exactly what I am doing at my company now.

Kedgar
Contributor

@jimderlatka I completely agree that AD doesn't do much at all for a Mac user... I don't think I want to be in the business of creating their local accounts though... I like that the AD bind does this for you with mobile account creation. I will have to do some testing around NoMAD to see what it can and can't do.

Thank you!

seann
Contributor

Depends on your company and its security policies, among other things. AD-bound machines have the advantage of the same passwords across all platforms for the users. You also don't have to go through manually creating accounts every time someone wants to log in, and it makes infosec happy because password expiry/requirements are enforced across the board. It's also nice that users don't have to manually log in when mapping a network share.

Disadvantages include random buggy things when Apple makes a change, logins taking very long when not connected internally, etc.

gachowski
Valued Contributor II

In our environment I was able to meet more of our policies not bound to AD.

C

Kedgar
Contributor

I will definitely be evaluating NoMAD shortly in both a non-bound configuration and a bound configuration. It looks like they might bring some things to the table even if you are binding (probably similar to ADPassMon and KerbMinder).

Thank you all!