Equivalent of AD Users and Computers app but on Mac OS X

New Contributor II

Is there any equivalent application to Microsoft's AD Users and Computers but available for Mac OS X?
Basically the only time given, my specific role, to access a Windows box or start-up a Windows VM is to unlock a users account on AD or to move/delete a computer object in the Mac OU in AD. Given those two specific requirements is there a Mac app for that (that is free if possible)? I have looked before into this and I could only find outdated apps or very expensive high-end server style Enterprise solutions.

Thank you


Honored Contributor

I've never dealt with it but look into Samba. I know it does support for the SMB protocol, but I believe it also has AD functionality too.



I would look into Microsoft's Remote Desktop mac app. I've looked for solutions like this in the past but in the end it just wasn't worth the effort.

New Contributor

We've used AD Helpdesk both for iOS and Mac desktop in the past to unlock/reset passwords, etc but does not have group policy functionality.

Last time i used it was 2 years ago, so not sure if its any different.

Valued Contributor III

As @galionschools said, pretty much accepted method to remote into a terminal session somewhere and do it there. Much less bother than having a VM or Windows partition, providing of course you have the terminal server available.

Honored Contributor

Whoops I misread this. Certainly you can RDP into the Windows machine with those tools or run a Windows VM with those tools.
However, if your team is interested there was something I used at a previous job that plugged into AD. It was called Quest ServiceRole. It was pretty neat. A quick google shows it looks like Dell has acquired them: http://software.dell.com/products/activeroles-server/
No idea how expensive it was. But it was certainly convenient to not have to RDP into a Windows machine to use AD Users & Computers.

Valued Contributor III
Valued Contributor III

I've spent many a moon searching for something that does this natively on a Mac. Alas, my Google-fu failed me. I just installed the Account Lockout Tools on one of our domain controllers and run it from there through an RDP session using Microsoft's Remote Desktop App.

Contributor II
Contributor II

It could be possible to run the application you use natively on windows as an X11 app?

Contributor II

Depending on your setup, and if you're feeling chummy with the sysadmins, you could get a Citrix/XenApp server up and running, and you can run your applications through that. You could argue that this would benefit everyone else, because it gives a centrally managed location for admin apps.

Of course, if you don't already have a Citrix environment, then this will be well outside of your scope/cost/justification.

You could also try Parallels intergration (Windows VM) or WINE (http://wiki.winehq.org/MacOSX)?

Contributor III

Have you looked into Apache Directory Studio? I don't have full access to our AD servers, but I have been allowed/able to remove machines from AD that fall into a disabled state.

Contributor II

While outside the scope of the question, the Active Directory Assist (free for query, $12 for making changes) iOS application does this pretty well. You can perform various queries and make some basic changes.

It won't replace an RDP session to a real Windows system, but it works great in a pinch (disable accounts is a perfect example, can do it from anywhere with a VPN session).