Jamf Nation Community

Hafiz · ‎10-03-2015

Is there any equivalent application to Microsoft's AD Users and Computers but available for Mac OS X?
Basically the only time given, my specific role, to access a Windows box or start-up a Windows VM is to unlock a users account on AD or to move/delete a computer object in the Mac OU in AD. Given those two specific requirements is there a Mac app for that (that is free if possible)? I have looked before into this and I could only find outdated apps or very expensive high-end server style Enterprise solutions.

Thank you

bpavlov · ‎10-03-2015

I've never dealt with it but look into Samba. I know it does support for the SMB protocol, but I believe it also has AD functionality too.
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller

https://www.samba.org/samba/

galionschools · ‎10-03-2015

I would look into Microsoft's Remote Desktop mac app. I've looked for solutions like this in the past but in the end it just wasn't worth the effort.

SQR · ‎10-03-2015

We've used AD Helpdesk both for iOS and Mac desktop in the past to unlock/reset passwords, etc but does not have group policy functionality.

Last time i used it was 2 years ago, so not sure if its any different.

Look · ‎10-04-2015

As @galionschools said, pretty much accepted method to remote into a terminal session somewhere and do it there. Much less bother than having a VM or Windows partition, providing of course you have the terminal server available.

bpavlov · ‎10-04-2015

Whoops I misread this. Certainly you can RDP into the Windows machine with those tools or run a Windows VM with those tools.
However, if your team is interested there was something I used at a previous job that plugged into AD. It was called Quest ServiceRole. It was pretty neat. A quick google shows it looks like Dell has acquired them: http://software.dell.com/products/activeroles-server/
No idea how expensive it was. But it was certainly convenient to not have to RDP into a Windows machine to use AD Users & Computers.

emily · ‎10-04-2015

I've spent many a moon searching for something that does this natively on a Mac. Alas, my Google-fu failed me. I just installed the Account Lockout Tools on one of our domain controllers and run it from there through an RDP session using Microsoft's Remote Desktop App.

Simmo · ‎10-04-2015

It could be possible to run the application you use natively on windows as an X11 app?

Aaron · ‎10-04-2015

Depending on your setup, and if you're feeling chummy with the sysadmins, you could get a Citrix/XenApp server up and running, and you can run your applications through that. You could argue that this would benefit everyone else, because it gives a centrally managed location for admin apps.

Of course, if you don't already have a Citrix environment, then this will be well outside of your scope/cost/justification.

You could also try Parallels intergration (Windows VM) or WINE (http://wiki.winehq.org/MacOSX)?

cdev · ‎10-05-2015

Have you looked into Apache Directory Studio? I don't have full access to our AD servers, but I have been allowed/able to remove machines from AD that fall into a disabled state.

pickerin · ‎10-05-2015

While outside the scope of the question, the Active Directory Assist (free for query, $12 for making changes) iOS application does this pretty well. You can perform various queries and make some basic changes.

It won't replace an RDP session to a real Windows system, but it works great in a pinch (disable accounts is a perfect example, can do it from anywhere with a VPN session).

Jamf Nation Community

Equivalent of AD Users and Computers app but on Mac OS X