Writeback MacOS Passwords To Active Directory

By Vince Lujan Posted October 7, 2019

IT admins with macOS® systems know this problem all too well: How do they sync an Active Directory® (AD) password with an Apple® machine and then writeback macOS passwords to AD?

This has been a vexing problem for most IT admins that once required a great deal of effort to mitigate. Fortunately, a next-generation cloud identity provider (IdP) is presenting a new solution.

Identifying the Cause

The root cause of this conundrum is the fact that Active Directory — a Microsoft product and common directory services solution — and macOS — an Apple product and direct competitor to the Windows platform — don’t play well together. Consequently, admins have to find creative ways to manage macOS passwords with Active Directory. 

Traditional approaches to this problem involved manually creating users on macOS systems and then connecting them to AD. This was done by configuring a number of settings in the Mac system preferences panel and then within the AD administrative console. 

Then, the user either had to log in to a web-based OWA (Outlook Web Access) instance, if one was available, or purchase an on-prem software solution to update passwords. Although manually resetting passwords wasn’t impossible, it was a rigmarole that admins would rather avoid.

Taking A Closer Look

There are two general problems at play here. One is account creation, which is really a one-time event. The second is the recurring updating of passwords by users, which often results in password reset tickets.

For small organizations and startups, these are minor issues for IT admins. However, for organizations that are growing quickly, the onboarding process can be time consuming and tedious with a manual approach. 

AD admins need a solution to on-board and manage a user’s macOS account, while keeping Active Directory as their core identity provider. The good news is that JumpCloud®’s Active Directory Integration feature is designed for this exact use case.

A New Solution to an Old Problem

The JumpCloud Active Directory Integration feature has two primary components. Active Directory Import enables admins to import AD users into the JumpCloud administrative console and then extend them to a wider range of IT resources including macOS systems. Active Directory Sync allows JumpCloud to writeback user attributes to Active Directory, including passwords and other attributes.

What this solution does for IT admins is leverage their core identity provider for non-domain bound IT resources. The result is that IT organizations have the freedom to leverage a wide range of IT resources while still maintaining control over their network infrastructure.

Features of AD Integration include:

  • Sync JumpCloud Users and Groups with Active Directory.
  • Update and writeback macOS passwords to Active Directory.
  • Authenticate remote or unbound Mac, Linux, and Windows systems. 
  • Authenticate Active Directory users through JumpCloud LDAP, RADIUS, and SAML services.
  • Enable multi-factor authentication (MFA) for systems and applications. 
  • Support for Active Directory on Windows Server 2008, 2012, and 2016.

With respect to Mac systems, this enables JumpCloud to writeback macOS passwords to Active Directory. JumpCloud also offers a macOS app, which gives users the ability to change their Mac password directly on their machine. 

The end result is that users can update their system password on their Mac endpoint and seamlessly writeback their macOS password to Active Directory. 

Learn More About JumpCloud

The JumpCloud Active Directory Integration feature is a great tool for organizations that still have AD on-prem but need more flexibility for their users. Contact JumpCloud to learn how to writeback macOS passwords to Active Directory. You can also sign up and check it out for yourself. Your first 10 users are free forever.

Vince Lujan

Vince is a writer and videographer at JumpCloud. Originally from a small village just outside of Albuquerque, he now calls Boulder home. When Vince is not developing content for JumpCloud, he can usually be found doing creek stuff.
