Best practice Mac Management in a Domain

So I currently switched over to a company which is newly founded and therefore needs the whole IT set up from scratch.
I mentally prepared for setting the whole thing up with Windows clients in AD. But my boss insists on running the whole Company on macOS.
Since I have never worked with Macs in a corporate environment I got lost on Google and didn’t find anything nicely documented, so I hope someone on here can help me out.

We are speaking about 14 employees, everyone with their corporate Mac and iPhone. I want to do MDM as well and found Jamf to be the easiest to use choice (although VMware Workspace ONE looks interesting as well).

What is the best Domain Controller for a Mac environment?
Technically I can join the Macs into an AD, but I thought about switching to Univention Corporate Server since I heard pretty good things about it in a heterogeneous environment. It’s completely open source and uses LDAP.
Or is Apple Open Directory on macOS Server any good?

Since we will be deploying Office 365 I am limited to either AD or UCS - at least I don’t know of any way to sync Apple Open Directory into Azure or a way to deploy SSO.

Any previous experiences with this type of setup? I’d love to hear your stories


I highly recommend just spending the budget on getting set up with Jamf Pro. I work for a large university that has a mixed MS AD domain environment, and we are switching all OS X devices to being solely Jamf managed.


I agree, if you want a one stop solution that is very powerful for managing a fleet of Macs, JAMF Casper Suite is where it’s at.

There are a few alternatives like Symantec Altiris, which likes to stop reporting in randomly; I’m not a fan.

I remember Keychain, and the Local Items Keychain in particular, being a real headache when the domain and the cached login password didn’t match.

I used to support enterprise Macs and we used Jamf. That was two years ago though.

This blog has really useful Mac enterprise content. The blog creator is in charge of Macs for a large hospital, I think.

derflounder.wordpress dot com

If you’re setting up from scratch - enrol the Macs in an MDM solution and run cloud first? You shouldn’t need any domain controllers; use Azure AD instead?

The new world way of thinking is to deal with the user and the applications, the device is irrelevant.

I’d hit up Apple (they do have business support services) for advice. Building an AD infrastructure for a new company, whether Mac or Windows, may not be necessary today, and especially if you’re a Mac shop, just going cloud first/Azure AD only may be a better idea.

Building on-prem infrastructure today is probably a backwards step imho. Sure if you need to transition a domain into the cloud, fine. But building one as your foundation today? Not what I’d do, personally.
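The cloud-first advice above hinges on every Mac actually being enrolled in the MDM, since an unenrolled or only partially enrolled device gets no policies at all. As an added example (not from this thread or from Jamf), the POSIX shell function below classifies the output of Apple's own `profiles status -type enrollment` command into "managed", "enrolled-not-approved" or "unmanaged", which is the kind of check an admin would run as a Jamf extension attribute or a login-time compliance script. The two sample outputs embedded in it are constructed so the script runs offline; on a real Mac you would feed it `"$(profiles status -type enrollment)"` instead.

```shell
#!/bin/sh
# Constructed sample outputs of `profiles status -type enrollment` (macOS 10.13.4+),
# embedded here so the script runs offline. Replace with the live command on a Mac.
SAMPLE_ENROLLED='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)'
SAMPLE_PENDING='Enrolled via DEP: No
MDM enrollment: Yes'
SAMPLE_NOT='Enrolled via DEP: No
MDM enrollment: No'

# mdm_state OUTPUT
# Prints one of:
#   managed               - MDM enrolled and either user-approved or DEP/ADE enrolled,
#                           so the MDM can push restrictive payloads
#   enrolled-not-approved - an MDM profile exists but was never approved by the
#                           user and did not come from DEP, so many payloads are ignored
#   unmanaged             - no MDM enrollment at all
# Exit status: 0 for managed, 2 for enrolled-not-approved, 1 for unmanaged.
mdm_state() {
    out="$1"
    if printf '%s\n' "$out" | grep -q '^MDM enrollment: Yes'; then
        if printf '%s\n' "$out" | grep -Eq 'User Approved|^Enrolled via DEP: Yes'; then
            echo managed
            return 0
        fi
        echo enrolled-not-approved
        return 2
    fi
    echo unmanaged
    return 1
}

# Stand-alone demonstration over the constructed samples.
for sample in "$SAMPLE_ENROLLED" "$SAMPLE_PENDING" "$SAMPLE_NOT"; do
    printf '%s -> ' "$(printf '%s' "$sample" | tr '\n' '; ')"
    mdm_state "$sample" || true
done
```

Wiring the function into a fleet check is just `mdm_state "$(profiles status -type enrollment)"`; a non-zero exit is the signal to alert on, since a Mac that reports "enrolled-not-approved" looks enrolled in the console yet silently drops the security payloads you think it has.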