Posted on 11-10-2011 08:41 PM
I'm currently researching this for a deployment of about 2500 Macs. It seems that Active Directory is what everyone likes, but I'd like to hear opinions about AD vs OD vs whatever else is out there. Thanks all!
Posted on 11-11-2011 06:18 AM
I use OD for our 400 Macs in our grades 4-12 1:1. I'm not familiar with AD though to really help much with your comparison.
Posted on 11-11-2011 06:50 AM
We use AD. It's used by a bunch of our other systems here so pretty entrenched.
Posted on 11-11-2011 06:54 AM
We've been using AD for our 650 Macs for the past few years with Apple's AD plugin.
Before that, we used SunOne LDAP for a while.
Currently use AD as that's our corporate standard and seems to work well enough.
Posted on 11-11-2011 03:07 PM
Use what you already have on your network. No need to duplicate efforts. If you're already in a Windows world then adopt its resources. If you have no network directory system in place then go with Mac OS X Server and Open Directory if you're comfortable with that.
Posted on 11-11-2011 03:27 PM
We're using Windows AD leveraging Centrify.
Posted on 11-11-2011 07:21 PM
We're using Active Directory, and using Apple's AD plug-in to connect the Macs to the domain.
Posted on 11-11-2011 09:51 PM
We support sites that use AD, OD and combinations of both (golden triangle).
No real problems with any of them, although OS X clients seem to find OD faster for some reason.
Posted on 11-12-2011 07:22 AM
Thanks for all of the replies! It's a tricky topic for my environment because the AD plugin never seems to work until several months after a new OS is released and the way that Apple has been dropping enterprise support, who knows how long OD will be around?
Posted on 11-12-2011 09:58 AM
We had a major project a few years ago. We had to move Polo Ralph Lauren from Mac OS 9 to Mac OS X (10.3 at the time). AD had to be upgraded, which they did, and authentication worked like a charm.
I agree with William. Leveraging existing infrastructure is always the smart move (assuming the infrastructure is up to date and stable). If the company has staff that are already paid to manage an existing system you can hook into, take advantage of it and save your time/effort/money for the other stuff. :)
Don
Posted on 11-12-2011 03:24 PM
If you already have AD, go with that. If you are having troubles authenticating I would suggest a deep thorough review of your AD and make sure it's set up in the best interests of supporting Apple products. There is nothing like integrating a Mac to find out you have AD issues :)
Posted on 11-12-2011 05:47 PM
We're using Active Directory, and using Apple's 10.7 AD plug-in to connect the Macs to the domain.
Posted on 11-14-2011 02:03 PM
We used to use Active Directory, but had issues with clients' bindings becoming broken and not repairable without re-imaging (although that was still running OS 10.5).
We currently bind all Macs to Open Directory for user authentication and managed preferences and haven't had any problems with that.
Posted on 11-14-2011 05:24 PM
We are running 10.6.7 or 10.6.8 (no 10.7 yet) on almost all of our 13,000 Macs and are using Active Directory for authentication, Open Directory for user-level managed preferences and the Casper Suite for computer-level managed preferences or policies.
Posted on 11-14-2011 06:01 PM
We use AD as well. We manage 2500 Macs.
We have taken a little different path for management. By extending the AD schema, we are able to manage the Macs natively, with Workgroup Manager and the AD.
OS X-based servers like wiki/blog, iChat, Podcast Producer servers also use AD to authenticate users. It works rather well.
Operating systems in the wild: 10.5.8, 10.6.x and some 10.7 boxes.
Posted on 11-15-2011 08:46 AM
We use OD for managing 7,000+ Mac clients and just a handful of Windows clients. We tie as many systems into an OD/OpenLDAP authentication process as possible.
Posted on 11-15-2011 10:54 AM
Charlie, you're the only person I've heard so far who is running OD on a larger scale. What kind of hardware do you have on the back end to manage that many clients? Thanks a ton for the input!
Posted on 11-22-2011 07:06 AM
We use AD for user authentication on ~13k Macs and ~7k Windows machines. Use OD for MCX. Haven't gotten around to moving MCX into Casper.
Posted on 11-23-2011 02:30 AM
Also AD here (with Apple's plugin), about 300 clients worldwide.
MCX by Casper.
We had ADmitMac, but dropped it with 10.5 as Apple's plugin works well enough.
Only issue is that sometimes a client loses AD connection for no obvious reason,
have to force unbind and rebind again then, but that's only like once a month.
10.6 and 10.7 were a little picky in the first versions,
but that was fixed with Apple's updates.
Would prefer to have the AD plugin work properly out of the box on the first release,
but yeah, Apple...
Posted on 11-23-2011 08:32 AM
AD for 400+ 10.6.8 clients. Windows Server 2003. Ditched OD when we started using Casper. The Magic Triangle was not that magical.
Posted on 11-29-2011 08:49 AM
We use E-dir. Has a lot of nightmares, but doesn't need Golden Triangle.
Posted on 11-29-2011 12:34 PM
OD for now; that may change in the near future.
Posted on 12-01-2011 09:27 AM
ZebulonSmith, sorry for the delay in response (still need good RSS on this and ability to watch by tags or your own name :-)
We have a distributed setup with XServe and some Mac Mini Servers. Our hardware is beefed up as well (RAM and Processors). We have one Open Directory Master, 1 replica at the core that's used for some 3rd party authentications using LDAP, 10 replicas out at elementaries (1 per site), 12 replicas at secondary schools (2 per site, with four middle schools and two high schools). Our WAN is anywhere from a dedicated 100Mbps licensed frequency microwave up to 1Gbps fiber (about half our sites on each).
This is generally working well for us and we don't have too many issues. However, we have found that we end up with some internal OD database inconsistencies with this larger system (12,000 users and 7,000+ devices). We've worked with Apple engineering on this a lot and will continue to do so.
We're happy to discuss our setup with anyone, feel free to get in touch with me directly if needed. Perhaps a feature request of a PM inside JAMFNation? :-)
Posted on 12-07-2011 01:16 PM
We use Active Directory for account authentication (OS X plug-in) and Open Directory to expand the user permissions on the file server.
Posted on 12-19-2011 05:35 PM
We use AD, and like it, with one caveat: don't end your FQDN in .local. It causes ten types of hell, since it conflicts with Bonjour. We're migrating the entire domain to a new FQDN over Christmas break.
Posted on 07-09-2014 10:19 AM
We use AD w/Centrify