

The built-in AD Connector allows this to happen straight out of the box. Finally, you could simply forget managing the Macs and be content with just providing the ability to allow any AD User to log into any bound Mac workstation. You'd still need to download WorkGroup Manager to apply Mac-style GPOs if you decided to go this way. The LDAP Connector built into every Mac client does facilitate this but it would be an enormous job and would require someone with a deep understanding of both Schemas.

Yet another way would be to manually map everything yourself. Another one involves installing 3rd-Party Software on the Mac itself that achieves the same thing. This software usually provides an intermediate layer or proprietary 'stub' LDAP Database that 'maps' common and comparable attributes and values that suit both platforms. One involves installing 3rd-Party Software on the Windows Server itself. One thing you have to be aware of if you decide to go this way is the real possibility of an SP Update wiping out everything you've done. This is not for everyone and I've only come across one AD Administrator who was prepared to have a go. This clearly will have repercussions as you will be editing/amending/extending Microsoft's proprietary LDAP Database itself.
One way is to extend the AD Schema itself and Baltwo provides links on how to achieve this. If you want to manage or provide a controlled user experience you have to look elsewhere. Apart from Password Policies, there are no other Policies that can be applied out of the box.
