Remember the assumptions for this series of articles – OS X 10.3 or 10.4 clients…
Q. Can you walk me through how to join an Apple Mac to my Windows AD domain?
Yes! I’ve written a seperate guide on how to do this, as there are quite a few steps. Enjoy!
Q. How can I manage user account settings? Can I use GPOs?
No! Account management works rather differently in OS X than it does in Windows. OS X does understand things like password policies, permissions, group memberships and the like so this basic level of access can certainly still be set from your Windows Server.
Q. I’m using ISA Server, and my Mac users can’t connect to the Internet as it won’t accept their password!
You need to enable Basic Authentication on the ISA Server to enable Mac clients to present login credentials. Your users should use their own user account details as they would to log in, and can save them in the keychain if they find they are being repeatedly asked for them.
Q. Do I need to worry about Anti Virus software on Macs? There isn’t much choice!
While I’ve always denounced people who claim virus infections are impossible in OS X as ignorant, and I still stand by that, the current risk to Mac clients is substantially lower than it tends to be on Windows machines. As such, I wouldn’t advise spending a lot of time or money on AntiVirus software for Macs.
If your current site-licenced AntiVirus program has a Mac version then by all means install it. If not, and you’d still like to do something, consider ClamXav an open source Virus Scanner for OS X that should be quite ample for most needs.
And remember, the best defence against viruses, trojans or anything else, and regardless of whether you use a Mac or Windows or whatever, is your brain – think before you allow strange code to run from your admin level account!
Q. What sort of access to email will users on an Apple Mac have on my network?
This largely depends on what email server and clients you wish to use. Assuming you have Internet access from the mac clients, the simplest method is to use webmail access if your email server offers this facility.
If not, you can consider using the standard OS X mail client to pull down messages. Concerns for this method are privacy – each user needs their own OS X client account for this to work, and integrity – email apps on both your Windows and Mac clients need to leave messages on the email server in order that they are available wherever a user logs on. This means that using the basic Apple and Microsoft email apps in their default pop3 setup becomes complicated.
Ideally, if you use Microsoft Exchange to run your email system then you might be able to use Microsoft’s mail client for the Mac, Entourage, to allow Mac users to have a similar access to their email accounts as they enjoy with Microsoft Outlook in Windows.
Q. Is it possible to link an OS X server to AD for authentication – e.g. as a domain member server?
Yes it is. I discuss briefly how I’ve done this in another article in this series.
The scope of how to do it is beyond this kind of article because there are too many “it depends on your current design and what you’re trying to achieve exactly” moments, but it most certainly can be done.