Mac IT Guy: Access Exchange from home

25.01.2011

The most popular way to do that is (as you say) with dual directories, also known as "The Magic Triangle," in which you use Mac OS X Server as an Open Directory (OD) server that is itself bound to AD. Clients then bind to both directories: AD supplies the user accounts and authentication, and OD supplies the management settings (MCX) for users, computers and groups, which you administer from the Mac OS X Server. That's a good technique, but it does come at a cost--namely, the expense of a Mac and a copy of Mac OS X Server, plus one more server to patch and secure.

The second common method is called schema extension. All directories--whether AD, OD, Novell's eDirectory, or OpenLDAP--define objects within their purview using a schema: the list of object classes and the attributes each class may carry. You can extend the Active Directory schema with Apple's classes and attributes in such a way that Workgroup Manager can manage Mac users and computers directly in AD--no copy of Mac OS X Server required.

With early versions of AD (particularly Windows 2000), this was a bit of a risk, because a schema extension was permanent: if such schema modifications broke something, there was no way to cleanly back out. Since Windows Server 2003, a class or attribute you added can be deactivated (marked defunct), so a bad extension can be backed out even though it can never be deleted outright. That makes schema modifications a solid way to integrate Macs into Active Directory environments--with some caveats:

In other words: Schema mods are a solid way to solve many of the problems of managing Macs in an AD environment, but they won't solve every problem, and they aren't something you can just do and forget about. A schema change is forest-wide, requires Schema Admins rights, and has to be re-verified after every directory upgrade.
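Before and after a schema extension, the AD side should be able to answer two questions: is Apple's extension actually present (and not deactivated) in the forest, and who currently holds the right to change the schema? The following PowerShell script is an added example and not something from the column or from Apple; it assumes the RSAT ActiveDirectory module on a domain-joined host with read access to the schema partition. The class and attribute names checked (apple-user, apple-computer, apple-group, apple-mcxsettings) are a subset of Apple's published schema; the Schema Admins check is this script's own least-privilege addition.

```powershell
# Added example (not from the column): audit an AD forest for Apple's schema
# extension and for who can change the schema.
# Assumes: RSAT ActiveDirectory module, domain-joined session, read access to
# the schema naming context. Names in $expected are a subset of Apple's schema.
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$schemaNC = $rootDse.schemaNamingContext

# 1. Forest schema version. objectVersion on the Schema container is 13 for
#    Windows 2000 and 30 or higher from Windows Server 2003 on, which is when
#    schema objects became deactivatable (isDefunct).
$schemaContainer = Get-ADObject -Identity $schemaNC -Properties objectVersion
"Schema objectVersion: $($schemaContainer.objectVersion)"
if ($schemaContainer.objectVersion -lt 30) {
    "WARNING: Windows 2000-level schema; an extension cannot be backed out."
}

# 2. Apple-namespaced schema objects (classSchema and attributeSchema entries
#    whose LDAP display name starts with apple-).
$appleObjects = @(Get-ADObject -SearchBase $schemaNC `
                    -LDAPFilter '(lDAPDisplayName=apple-*)' `
                    -Properties lDAPDisplayName, objectClass, isDefunct, whenCreated)

if ($appleObjects.Count -eq 0) {
    "No Apple schema extension present: Workgroup Manager cannot store MCX in this forest."
} else {
    $appleObjects |
        Sort-Object objectClass, lDAPDisplayName |
        Format-Table lDAPDisplayName, objectClass, isDefunct, whenCreated -AutoSize
}

# Classes and attributes Workgroup Manager needs at a minimum (subset of Apple's schema).
$expected = 'apple-user', 'apple-computer', 'apple-group', 'apple-mcxsettings'
$present  = $appleObjects | Where-Object { -not $_.isDefunct } | ForEach-Object lDAPDisplayName
$missing  = $expected | Where-Object { $present -notcontains $_ }
if ($missing) {
    "Apple extension is missing or deactivated for: $($missing -join ', ')"
} else {
    "Apple extension present and active for all expected objects."
}

# 3. Least privilege: Schema Admins should be empty except during a planned
#    change window, because its members can alter the schema forest-wide.
$schemaAdmins = @(Get-ADGroupMember -Identity 'Schema Admins' -Recursive)
if ($schemaAdmins.Count -gt 0) {
    "WARNING: Schema Admins is not empty: $($schemaAdmins.SamAccountName -join ', ')"
} else {
    "Schema Admins is empty (expected outside a change window)."
}
```

Run it once before the extension to record the baseline (schema version, empty Schema Admins), once right after to confirm every expected object is present, and again after each domain controller upgrade, since that is when a forgotten extension tends to surface as a surprise.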

The Centrify approach treats Mac integration with AD from the Windows point of view. It allows Windows administrators to integrate and manage Macs using standard Windows Active Directory management tools. For example, password policies are set via Group Policy Objects (GPOs) instead of by Apple's Managed Client for Mac OS X (MCX) settings. Centrify also helps integrate Macs into environments where smart cards and two-factor authentication are required. Centrify is not free, nor is it cheap, but it does give you a lot of capability for the money, in a way that allows AD administrators to manage Macs without needing a Mac themselves. However, Centrify is not a deployment solution: it works well alongside deployment tools such as Apple Remote Desktop, LanRev, and Casper, but it will not image or package software for Macs on its own.