How to Manage Remote Mac & Linux AD-Bound Systems

Written by Cassa Niedringhaus on April 20, 2020

A persistent challenge IT teams face is how to manage non-Windows systems that need to be connected to Active Directory®.

Active Directory was designed to manage Windows® systems, particularly those used on-premises and in traditional offices. However, with the current shift to remote work, admins need straightforward ways to manage all remote systems — including Windows, macOS®, and Linux® machines. Without additional technology, binding Mac and Linux systems to AD and then managing them through it is difficult. Admins struggle to provision and deprovision user accounts on those machines or configure them in bulk with policies akin to GPOs.

Despite these challenges, admins know that managing remote Mac and Linux systems is important, both from a security perspective and to keep users productive as they navigate this challenging time. Productivity and access to critical IT resources are important as users try to do their jobs effectively with less support and more distractions.

We’ve covered ways to troubleshoot binding non-Windows machines to AD — here for Mac machines and here for Linux machines. There’s another straightforward solution in Active Directory Integration, a JumpCloud® feature through which AD admins can manage, configure, and secure Mac and Linux machines.

Manage Mac & Linux with Active Directory Integration

JumpCloud is a cloud directory service platform, and it can serve as a standalone directory or as a comprehensive AD bridge to virtually all IT resources. With Active Directory Integration in place, admins can federate core AD identities where they’re needed, including Mac and Linux machines. That means they can create local user accounts on those machines, and users access them with their AD credentials.

The integration also enables a bidirectional sync so that changes made in JumpCloud are reflected in AD, including user state and passwords. That means Mac users can change their passwords directly on their machines and those changes are written back to AD through JumpCloud. All users — including those using Linux — can also change their passwords through JumpCloud’s User Portal, and those changes are also written back to AD. Neither of these workflows requires a VPN solution.

Admins can suspend user access either in JumpCloud or AD, and that change propagates throughout their environment, too.

JumpCloud has a suite of Policies admins can push to machines in each of these platforms, to configure and secure them. These include policies to disable removable storage devices, enforce full disk encryption, and set screens to lock after a certain period of time, for example.

Benefits of Active Directory Integration

There are numerous benefits of taking this approach, including:

  • AD as the authoritative source of identity: Admins can maintain AD as the authoritative source of identity but extend it to virtually all IT resources through a single cloud platform.
  • Centralized system management: Admins can use Active Directory Integration to centrally manage machines, regardless of operating system, without complex tooling or direct binds with AD. 
  • AD functions managed from a web-based console: Admins can begin to manage AD functions from a web-based GUI, including creating local accounts, configuring machines, and suspending user access. 
  • Multi-factor authentication enabled at login: Admins can require users to provide another factor of authentication, such as a TOTP token, at login across their fleet of machines.

Learn More about Remote Work with JumpCloud

At JumpCloud, we’re committed to helping companies transition to remote work as seamlessly as possible. Click here to learn more about our Directory-as-a-Service and how it underpins secure remote access to virtually any IT resource. You can also familiarize yourself with the platform and its features by signing up for a free account — your first 10 users are free.
