Extend Active Directory to your Mac and Linux Devices

Written by Greg Keller on April 17, 2015


Microsoft Active Directory debuted in 1999 and quickly rose to become the market share leader. It has served as the core of the directory services architecture for many organizations for many years – but that’s beginning to change.

Active Directory’s Glory Days


AD’s dominance started in the early 2000s, when networks were mainly homogeneous Microsoft Windows environments. Inexpensive commodity servers running Windows 2000 (Server) could be deployed to establish a centrally controlled domain to which employees could connect.

Microsoft Active Directory served three specific purposes for a Windows-based network. First, users were authenticated to the network. Second, admins could establish authorization policies that controlled what users could access. And third, IT admins could centrally manage Windows devices through AD. So when a user logged in to their Windows device with their credentials, they were automatically connected to the requisite applications and devices. The access could include file servers, Windows-based applications, printers, and other IT infrastructure.

AD and the Diversifying Device Landscape


The Microsoft AD dominance started to show cracks in its foundation in the late 2000s. IT started to change and AD didn’t change with it. Organizations that were once completely dominated by Windows began to include a variety of work devices.

Apple’s resurgence made Macs the desired choice for personal machines, making it extremely hard if not impossible to manage all of the devices with AD. Linux’s continued growth in the data center and through technical departments diversified the field further. Then came mobile phones and tablets, which are dominated by Apple and Google.

AD failed to keep up – and that meant a plethora of devices completely untethered (and unmanaged) at organizations using AD.

AD and Cloud-Based Services


The shift in IT didn’t stop with new device types. New SaaS-based applications and infrastructure that once lived physically on-premises (e.g. ‘the server closet’) emerged to solve a wide range of problems in virtually every functional area. Increasingly, organizations started leveraging web-based solutions instead of building their own applications or purchasing on-premises software and equipment.

AWS launched a whole new category: Infrastructure-as-a-Service. On-premises data centers converted to pay-as-you-go cloud servers. Servers could be ‘virtualized’ in seconds, versus waiting days if not weeks for a server machine with the appropriate OS to be delivered.

These massive IT changes left Active Directory flat-footed. AD didn’t embrace Mac OS X (now macOS), Linux, or Infrastructure-as-a-Service. Similarly, many applications also could not connect back to Active Directory. The tectonic shifts in IT over the last decade have left IT admins with AD managing a small fraction of what it once did.

Complex Environment, Complex Challenges


AD’s inability to adapt has left IT organizations scrambling to figure out how to control and manage all their non-Windows devices and applications. Users need to be authenticated to whatever device or application they are on, and IT needs to be able to control that device or application. The longer organizations wait to address this, the more the risk to them grows.

All of the diversification from non-Windows devices/applications has led to a tidal wave of different support issues. Most IT admins are Microsoft-oriented and trained. They often have little working knowledge of these devices/applications.

If an IT admin is going to be able to solve a support problem, they must not only have familiarity in working with the device, but also direct access to it and the ability to execute tasks on these non-Windows devices. It’s the same for applications: IT needs central control over what the users can access.

Organizations have been slow to adapt, which is limiting for employees working with Mac and Linux devices. They deserve to be supported as Windows users are, like first class citizens. Being able to leverage their Mac or Linux credentials centrally to other areas of the network would give them the same single sign-on capabilities as Windows and allow them to work more efficiently.

An All-in-One Solution


A new breed of solutions called Directory-as-a-Service® is allowing IT to extend Active Directory installations to non-Windows devices and applications. The central identities stored in Active Directory can now be easily leveraged for Macs, Linux devices, and other web and on-prem applications. Directory-as-a-Service is the bridge between the two. The DaaS solution is a cloud-based directory service. As such, Directory-as-a-Service can control authentication and management of devices remotely, regardless of location or network.

In order for DaaS to work as intended, AD user credentials are replicated into the DaaS solution through a small agent placed on the Active Directory server. Each Mac and Linux device to be managed also has an agent installed. The agents on the end devices securely communicate with the cloud-based directory service to receive local accounts, ensure their remote management by IT admins, and provide authentication to the end user. Device control can be accomplished by creating commands, scripts, or tasks in the web-based console of the DaaS solution. As a result of these connections between AD and the DaaS solution, the core user identities are propagated to the non-Windows platforms.

The unique capabilities of a DaaS solution also enable full device control, very similar to the Group Policy Objects leveraged by AD and Windows machines.

Benefits of DaaS

In an era where Microsoft market share is declining, being able to leverage your existing Active Directory installation to other platforms and applications is smart. It saves time and money. IT admins can leverage an existing directory infrastructure for Windows devices and then add a Directory-as-a-Service solution to extend AD to the rest of the IT infrastructure.

That means full control over the IT infrastructure, whether it is inside the organization’s facilities or elsewhere. IT admins are in control and accountable regardless of platform, resulting in a faster moving, more secure organization.

For more information on how to leverage your existing investment in Active Directory to manage the rest of your IT infrastructure, drop us a note at sales@jumpcloud.com. A Directory-as-a-Service solution can solve the critical problem of controlling and managing your Mac and Linux devices.

Greg Keller

JumpCloud CTO, Greg Keller is a career product visionary and executive management leader. With over two decades of product management, product marketing, and operations experience ranging from startups to global organizations, Greg excels in successful go-to-market execution.
