What directory service do you use for authentication?

zebulonsmith
New Contributor

I'm currently researching this for a deployment of about 2500 Macs. It seems that Active Directory is what everyone likes, but I'd like to hear opinions about AD vs OD vs whatever else is out there. Thanks all!

25 replies

ryanwelch
New Contributor II

I use OD for our 400 Macs in our grades 4-12 1:1. I'm not familiar with AD though to really help much with your comparison.

tanderson
Contributor

We use AD. It's used by a bunch of our other systems here so pretty entrenched.

gregp
Contributor

We've been using AD for our 650 Macs for the past few years with Apple's AD plugin.

Before that, we used SunOne LDAP for a while.

Currently use AD as that's our corporate standard and seems to work well enough.

talkingmoose
Moderator

Use what you already have on your network. No need to duplicate efforts. If you're already in a Windows world then adopt its resources. If you have no network directory system in place then go with Mac OS X Server and Open Directory if you're comfortable with that.

andrewseago
Contributor

We're using Windows AD, leveraging Centrify.

rtrouton
Release Candidate Programs Tester

We're using Active Directory, and using Apple's AD plug-in to connect the Macs to the domain.

Zvordauk
New Contributor III

We support sites that use AD, OD and combinations of both (golden triangle).
No real problems with any of them, although OS X clients seem to find OD faster for some reason.

zebulonsmith
New Contributor

Thanks for all of the replies! It's a tricky topic for my environment because the AD plugin never seems to work until several months after a new OS is released, and with the way that Apple has been dropping enterprise support, who knows how long OD will be around?

donmontalvo
Esteemed Contributor III

We had a major project a few years ago. We had to move Polo Ralph Lauren from Mac OS 9 to Mac OS X (10.3 at the time). AD had to be upgraded, which they did, and authentication worked like a charm.

I agree with William. Leveraging existing infrastructure is always the smart move (assuming the infrastructure is up to date and stable). If the company has staff that are already paid to manage an existing system you can hook into, take advantage of it and save your time/effort/money for the other stuff. :)

Don

--
https://donmontalvo.com

justinrummel
Contributor III

If you already have AD, go with that. If you are having troubles authenticating I would suggest a deep thorough review of your AD and make sure it's setup in the best interests of supporting Apple products. There is nothing like integrating a Mac to find out you have AD issues :)

jhbush
Valued Contributor II

We're using Active Directory, and using Apple's 10.7 AD plug-in to connect the Macs to the domain.

friedelj
New Contributor III

We used to use Active Directory, but had issues with clients' bindings becoming broken and not repairable without re-imaging (although that was still running OS 10.5).

We currently bind all Macs to Open Directory for user authentication and managed preferences and haven't had any problems with that.

justinS
New Contributor

We are running 10.6.7 or 10.6.8 (no 10.7 yet) on almost all of our 13,000 Macs and are using Active Directory for authentication, Open Directory for user-level managed preferences and the Casper Suite for computer-level managed preferences or policies.

Superhawk2929
New Contributor

We use AD as well. We manage 2500 Macs.
We have taken a slightly different path for management. By extending the AD schema, we are able to manage the Macs natively, with Workgroup Manager and AD.
OS X-based servers (wiki/blog, iChat, Podcast Producer) also use AD to authenticate users. It works rather well. Operating systems in the wild: 10.5.8, 10.6.x and some 10.7 boxes.

charliethacker
New Contributor II

We use OD for managing 7,000+ Mac clients and just a handful of windows clients. We tie as many systems into an OD/OpenLDAP authentication process as possible.

zebulonsmith
New Contributor

Charlie, you're the only person I've heard so far who is running OD on a larger scale. What kind of hardware do you have on the back end to manage that many clients? Thanks a ton for the input!

dkucmierz
Contributor

We use AD for user authentication on ~13k Macs and ~7k Windows machines. We use OD for MCX. Haven't gotten around to moving MCX into Casper.

Chris
Valued Contributor

Also AD here (with Apple's plugin), about 300 clients worldwide. MCX by Casper.
We had ADmitMac, but dropped it with 10.5 as Apple's plugin works well enough.
The only issue is that sometimes a client loses its AD connection for no obvious reason; we then have to force an unbind and rebind, but that's only like once a month.
10.6 and 10.7 were a little picky in the first versions, but that was fixed with Apple's updates.
Would prefer to have the AD plugin work properly out of the box on the first release, but yeah, Apple...

thomasC
Contributor

AD for 400+ 10.6.8 clients. Windows Server 2003. Ditched OD when we started using Casper. The Magic Triangle was not that magical.

dhowell
Contributor

We use E-dir. It has a lot of nightmares, but it doesn't need a Golden Triangle.

tlarkin
Honored Contributor

OD for now; that may change in the near future.

charliethacker
New Contributor II

ZebulonSmith, sorry for the delay in response (still need good RSS on this and the ability to watch by tags or your own name :-)

We have a distributed setup with XServe and some Mac Mini Servers. Our hardware is beefed up as well (RAM and Processors). We have one Open Directory Master, 1 replica at the core that's used for some 3rd party authentications using LDAP, 10 replicas out at elementaries (1 per site), 12 replicas at secondary schools (2 per site, with four middle schools and two high schools). Our WAN is anywhere from a dedicated 100Mbps licensed frequency microwave up to 1Gbps fiber (about half our sites on each).

This is generally working well for us and we don't have too many issues. However, we have found that we end up with some internal OD database inconsistencies with this larger system (12,000 users and 7,000+ devices). We've worked with Apple engineering on this a lot and will continue to do so.

We're happy to discuss our setup with anyone, feel free to get in touch with me directly if needed. Perhaps a feature request of a PM inside JAMFNation? :-)

robb1068
Contributor

We use Active Directory for account authentication (OS X plug-in) and Open Directory to expand the user permissions on the file server.

EQB
New Contributor

We use AD, and like it, with one caveat: don't end your FQDN in .local. It causes ten types of hell, since it conflicts with Bonjour. We're migrating the entire domain to a new FQDN over Christmas break.
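
A bind health check that follows from two posts above, Chris's note that a client sometimes loses its AD connection and has to be force-unbound and rebound, and EQB's warning about a domain ending in .local. This is an added example, not code from the thread, from JAMF or from Apple. The function names, the example domains corp.example.com and school.local, and the sample outputs are my own assumptions; the samples are constructed in the shape of `dsconfigad -show` output, not captured from a real host. On a Mac the script also does a live lookup through the directory search path, because `dsconfigad -show` only reports the stored binding configuration, not whether lookups against the domain currently succeed.

```shell
#!/bin/sh
# Added example (not from the thread): bind health check for a Mac joined to
# Active Directory with Apple's plug-in. Parses `dsconfigad -show` output,
# reports whether the Mac is bound, and flags a domain ending in .local,
# which macOS resolves through Bonjour/mDNS rather than unicast DNS.
# Function names, domains and sample outputs are assumptions/constructed.

# ad_domain_from_show OUTPUT: print the bound AD domain, or nothing when
# unbound (dsconfigad -show prints nothing on an unbound Mac).
ad_domain_from_show() {
    printf '%s\n' "$1" | awk -F'=' '
        /^Active Directory Domain[ \t]*=/ {
            gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2
        }'
}

# is_mdns_suffix DOMAIN: succeed if DOMAIN ends in .local (reserved for mDNS).
is_mdns_suffix() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        local|*.local) return 0 ;;
        *) return 1 ;;
    esac
}

# bind_state OUTPUT: classify the stored binding and print one of
#   unbound | bound-mdns-conflict:<domain> | bound:<domain>
bind_state() {
    _domain=$(ad_domain_from_show "$1")
    if [ -z "$_domain" ]; then
        echo unbound
        return 1
    fi
    if is_mdns_suffix "$_domain"; then
        echo "bound-mdns-conflict:$_domain"
        return 2
    fi
    echo "bound:$_domain"
    return 0
}

# Constructed samples in the shape of dsconfigad -show output.
SAMPLE_BOUND='Active Directory Forest          = corp.example.com
Active Directory Domain          = corp.example.com
Computer Account                 = mac0123$'
SAMPLE_LOCAL='Active Directory Forest          = school.local
Active Directory Domain          = school.local
Computer Account                 = lab-05$'
SAMPLE_UNBOUND=''

# live_check USER: run against the real plug-in on a Mac. Besides the stored
# state it does a lookup through the search path, so a binding that still
# looks configured but no longer answers lookups shows up as a failure.
live_check() {
    _show=$(dsconfigad -show 2>/dev/null)
    bind_state "$_show" || return $?
    if ! dscl /Search -read "/Users/$1" RecordName >/dev/null 2>&1; then
        echo "lookup of $1 via /Search failed; the usual fix is a forced"
        echo "remove (sudo dsconfigad -remove -force -username ADMIN) followed"
        echo "by a fresh dsconfigad -add"
        return 3
    fi
    echo "lookup of $1 OK"
}

# Usage on a Mac: sh adbind-check.sh someaduser
# Elsewhere the functions can be exercised on the constructed samples.
if [ "$#" -gt 0 ] && [ "$(uname)" = Darwin ]; then
    live_check "$1"
fi
```

The check returns 0 only when the Mac is bound to a non-.local domain and, on a live run, a user lookup through `/Search` succeeds; a nonzero exit distinguishes unbound (1), a .local domain (2) and a binding that no longer answers lookups (3), which is the state that needs the forced unbind and rebind.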

kenergy
Contributor

We use AD with Centrify.