Active Directory and Mac Management

Written by Greg Keller on September 2, 2016


Modern organizations are in a quandary. They want to leverage the best platforms on the market such as Mac OS X and Linux devices. However, their core directory service, Microsoft Active Directory, struggles with user and device management of non-Windows platforms. 

Active Directory Mac management capabilities would be incredibly useful for these organizations. Perhaps a central directory service that is independent of a platform would also work for IT admins. Whatever the specific solution, the ability to manage Mac user access and the devices themselves is an important problem for IT organizations to solve.


AD Misses The Mark On Mac Management


So, what’s the problem? These solutions don’t play well together. For instance, Active Directory, which was once a highly critical piece of software, is struggling with the Macs in the organization. AD lacks the ability to fully manage all user access. In addition, configuring it for Macs is more challenging than for Windows platforms. A core feature of AD – Group Policy Objects – isn’t available for Mac devices. In short, Macs are treated like second-class citizens. This is also true of Linux and other non-Windows applications and cloud platforms such as AWS and Google Compute Engine.

Aiming For A Solution


There are two ways to solve the Active Directory Mac management problem.

Path one is to extend Active Directory to your Mac devices by leveraging a “directory extender”. In this case, user accounts from AD are synced to the cloud directory extension platform. A tiny agent is placed on the Mac devices and as a result, IT has full control over the Mac from a user and device management perspective.

Path two is to fully replace AD with a modern Directory-as-a-Service® platform. This case is more prevalent today as only one in five devices are Windows. AD has largely lost its luster and is only able to manage a small portion of a modern organization’s infrastructure. In this second path, a cloud-hosted directory service is independent and treats each platform (Windows, Mac, and Linux) as a first-class citizen with full user and device management capabilities.

The IT World Has Evolved Since Active Directory Launched

When Active Directory hit the market in 1999, the world was very different than it is today. Almost all companies were exclusively based on the Microsoft Windows platform. All of the IT resources were housed behind the firewall or within data centers that were run by the organization. In fact, the whole concept of IT was much more command and control. IT would decide on platforms which would be used by the entire organization. If a specific business unit was interested in a certain technology, IT was intimately involved in the selection process.

Today, IT organizations are enablers to the business. Their role has dramatically shifted to being a service organization to the rest of the business. IT’s goal is to help every function in the company be its most productive while protecting the organization from security risks. This approach has resulted in a dramatic shift in the way IT operates and the platforms they choose. Today’s IT is managing Macs, Linux systems, Google Apps, WiFi, and a wide variety of other infrastructure components. Generally, these are all enablers to a more agile, productive organization.

Hit The Mac Management Bullseye With Directory-as-a-Service


If you would like to learn more about how you can manage Macs with or without Active Directory, drop us a note. We can walk you through how Directory-as-a-Service could help in either scenario. Also, feel free to give JumpCloud® a try to see our Mac user and device management capabilities for yourself. Your first 10 users are free forever.
