JumpCloud Office Hours: Join our experts every Friday to talk shop. Register today

Mac OSX and Active Directory



We all know the history between Apple and Microsoft®. There’s no love lost between the two. Even when Apple was on the brink of extinction, not much changed within this dynamic. And who can forget those, “I’m a Mac, I’m a PC” commercials?

But with 91% of enterprise organizations using Macs, IT departments are given the tough task to integrate these two bitter rivals in one directory. Admins everywhere are asking, “How are Macs integrated into Active Directory®?

The true answer is that they aren’t. AD can authenticate Macs, but anything deeper than that and it gets tricky. AD struggles to completely control Mac user management and also has no device management capabilities. Macs (and Linux devices) are treated like red-headed stepchildren when it comes to Microsoft Active Directory and Windows.

Why Active Directory Struggles to Manage Macs

Manage Macs, Linux and Windows effectively

AD was built and is meant for Windows. AD can authenticate, authorize, and manage Windows devices and users seamlessly, and this makes sense given that Microsoft owns both platforms and only cares about proliferating Windows.

The problem is in today’s IT environment, Windows isn’t the only game in town. Macs and Linux devices are a big part of many organization’s infrastructure. As IT admins grapple with the multiple platforms the question inevitably turns to how will we control these Macs?

Will we let them be self-managed, will we just control authentication, or do we want to have full control just as we do with our Windows machines?

Unfortunately, most organizations are forced to opt for one of the first two options. Until recently, there hasn’t been a way to completely authenticate, authorize, and manage Macs and their users.

Manage Macs with A Cloud-Based Solution 

Directory-as-a-Service® (DaaS) is the way that Macs can start to be under the control of IT.

Admins have two options with Directory-as-a-Service:

  1. Extend AD through a bridge to DaaS and have DaaS control Mac devices
  2. Leverage DaaS as the full directory service for the organization

Either option provides IT admins with deep user management and device control over Macs. Finally, Macs are first class citizens just as Windows devices have been. Admins can tightly control access, remotely troubleshoot issues on the machine, and set policies.

This is a breath of fresh air, since Macs have effectively been unmanaged in most organizations.

Learn More About How to Manage Macs

If you would like to learn more simplifying Mac management by extending AD with our AD Integration or replacing AD with Directory-as-a-Service, drop us a note – we’ll be happy to discuss our experiences on managing the Mac platform and integrating it with Directory-as-a-Service. You can also start testing our effective Mac management by signing up for a free account. Your first ten users are free forever.


Recent Posts
Use the JumpCloud Windows App now for easy, native, and secure password management for employees on Windows OS.

Blog

Introducing the JumpCloud Windows App for Workflow Simplicity and Security

Use the JumpCloud Windows App now for easy, native, and secure password management for employees on Windows OS.

Find a single identity and access management solution that supports all the authentication protocols you need. Try JumpCloud free today.

Blog

Which Protocols Should Be Used for IAM?

Find a single identity and access management solution that supports all the authentication protocols you need. Try JumpCloud free today.

Read this blog to see why a domainless approach to identity management is the future of IT, and how you can implement it easily in your environment.

Blog

Breaking Down the Domainless Enterprise

Read this blog to see why a domainless approach to identity management is the future of IT, and how you can implement it easily in your environment.