Why Are You Using AD When Your Org Uses Macs?

Written by Rajat Bhargava on July 30, 2015

We see a lot of companies now whose employees are all using MacBooks. People just like them better: they’re sexier, they have high-end graphics, and you no longer have the compatibility concerns you did in the past. We also see that some of these companies are still stuck with Microsoft Active Directory® (AD) as their directory. Like a vestigial tailbone, it’s the only piece of Microsoft equipment that they keep.

Organizations stay with AD for a variety of reasons. Most of the time it’s because that’s all they know. Modern cloud-based directories are relatively new, and not all admins are aware of this hidden gem. So they go with what they know: old-fashioned software and AD for their directory.

Mac and Active Directory: It’s Complicated

Back in the day when everyone had clunky Dell desktops, Active Directory managed their logins and access to internal apps. It was an exclusive solution built for systems running Microsoft Windows®. Sadly, macOS didn’t get invited.

Windows was dominating the industry and it didn’t make sense to invest in resources for one-off systems that nobody used in the enterprise. Not to mention the fact that Microsoft wanted customers to be locked into their ecosystem so they could sell them more products. However, things began to change in the mid-2000s with the introduction of web applications, and thus, the cloud.

Fast forward to today and things look very different. Windows is only running on a fraction of enterprise systems and macOS has become a common sight in the workplace. Yet, while developers have come up with a massive list of new solutions that function outside of Active Directory, nobody has ever taken the time to transition to a more modern and relevant directory until now.

Directory Services for Macs

IT admins currently have a couple of options for centralized Mac management.

The first option is to manually configure Macs to connect with AD. While it can make sense if you only have a few Macs, the issue with this approach is that AD’s native management capabilities for Macs are extremely limited compared to Windows systems.

For example, group policy objects (GPOs) cannot be applied to Macs. GPOs are extremely powerful tools for deploying commands and scripts to Windows systems anywhere on the network. They are used to enforce security and usage policies (among others) and deploy them to any number of systems automatically. Unfortunately, these same policies cannot be deployed from Active Directory to Mac systems.

Another option is to leverage a legacy Active Directory extension platform. These solutions are layered on top of AD’s on-prem instance and can provide some additional management capabilities for Macs. The issue with these solutions is that they share a lot of the same limitations for managing Macs because they are simply layered on top of AD. Further, because they need AD to function, they are yet another way for Microsoft to lock users into their ecosystem.

Directory-as-a-Service® for Macs

Most IT admins are, to their chagrin, well aware of the previous solutions, which is why Directory-as-a-Service (DaaS) is particularly intriguing. DaaS is a flexible cloud-based directory service platform that offers device-agnostic management for all of your systems (e.g. Windows, Mac, Linux). In doing so, DaaS hopes to eliminate the siloed management solutions that IT admins are used to in favor of a centralized management schema that everyone can enjoy.

Directory-as-a-Service makes the most sense for organizations that have limited to no investment in AD infrastructure. Typically we see this type of situation in smaller or younger cloud-forward companies. Some of these are 100% macOS shops or don’t already have a directory service solution implemented. In their case, it wouldn’t make sense to invest heavily in a solution like AD that is only going to cause them headaches. For them, Directory-as-a-Service has been a delightful new approach to what was previously a management system exclusive to Windows.

JumpCloud makes it easy to transition your Active Directory into something more appropriate for your actual infrastructure. Manage your Mac logins, manage your WiFi and RADIUS logins, and control access to your Single Sign-On web apps through our integrations with Bitium, OneLogin, and Okta. JumpCloud takes it even further, allowing you to push policies to MacBooks, unlike Active Directory. After all, if your employees are all using Macs, why are you still using AD?

To learn more about how Directory-as-a-Service can benefit your organization, contact us today. You can also sign up for an account and see firsthand how easy managing Macs can be, with or without Active Directory.
