To join a Linux system to AD, we can use open source solutions such as SSSD or Winbind. There is also a great commercial product named "CentrifyDC", which provides a free version called "CentrifyDC express".
Joining Mac OS X to AD is actually as simple as joining Windows 10. Mac OS X has a built-in function to join/bind to a Windows domain.
- Log in to the Mac as an Admin
- Open ‘System Preferences’ and select ‘Users & Groups’
- Select the ‘Login Options’ menu in the sidebar and use the “Join” button. (Make sure the DNS setting is right so the Mac can find the DC server.)
- Enter the fully-qualified domain name of the AD domain being bound
- AD Domain level credentials will be needed
By default, domain administrators don't have superuser rights on the Mac even after the Mac joins AD. This can be changed by:
Mac OS X uses its own algorithm to calculate the attributes a user needs, such as uid and gid, based on the attributes stored in AD.
smstongtekiMac-mini:~ administrator$ id
uid=1839808755(administrator) gid=1939330391(CANADA\Domain Users) groups=1939330391(CANADA\Domain Users),12(everyone),62(netaccounts),763240085(SMALLSTRONG\Schema Admins),969000933(SMALLSTRONG\Enterprise Admins),1367114704(SMALLSTRONG\Group Policy Creator Owners),793112335(SMALLSTRONG\Domain Admins),988540702(SMALLSTRONG\Domain Users),1083572540(SMALLSTRONG\Denied RODC Password Replication Group),33(_appstore),80(admin),98(_lpadmin),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh)
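To check what a directory account actually ends up with on a bound Mac, the `id` output can be parsed and audited. The script below is an added example, not part of the original post: it reports whether the account is in the local `admin` group and which domain groups and service-access groups it holds. The group names are taken from the output above; the `EXAMPLE` domain, the `jdoe` account and the numeric ids in the sample are constructed.

```python
import re
import sys

LOCAL_ADMIN = "admin"  # local administrators group, gid 80 in the output above
# Service-access groups as they appear in the output above
SERVICE_ACLS = {"com.apple.access_ssh", "com.apple.access_screensharing",
                "com.apple.access_ftp"}

# Group names contain spaces and backslashes, so split on "gid(name)" pairs,
# not on whitespace. Names containing ")" are not handled.
HEAD = re.compile(r"uid=(\d+)\(([^)]*)\) gid=(\d+)\(([^)]*)\) groups=(.*)$")
GROUP = re.compile(r"(\d+)\(([^)]*)\)")

# Constructed sample in the same format as the output above
SAMPLE = (r"uid=1000001(jdoe) gid=1000002(EXAMPLE\Domain Users) "
          r"groups=1000002(EXAMPLE\Domain Users),12(everyone),"
          r"1000003(EXAMPLE\Domain Admins),80(admin),399(com.apple.access_ssh)")


def parse_id(line):
    """Parse one line of `id` output into user, uid, primary group and groups."""
    m = HEAD.match(line.strip())
    if not m:
        raise ValueError("input does not look like `id` output")
    uid, user, gid, primary, rest = m.groups()
    groups = [(int(g), name) for g, name in GROUP.findall(rest)]
    return {"user": user, "uid": int(uid),
            "primary": (int(gid), primary), "groups": groups}


def audit(line):
    """Summarise the memberships that matter for access on the Mac."""
    info = parse_id(line)
    names = {name for _, name in info["groups"]}
    return {
        "user": info["user"],
        "local_admin": LOCAL_ADMIN in names,
        # AD groups are printed as DOMAIN\Group Name
        "domain_groups": sorted(n for n in names if "\\" in n),
        "service_access": sorted(names & SERVICE_ACLS),
    }


if __name__ == "__main__":
    # Usage: id someuser | python3 audit_id.py   (falls back to the sample)
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(audit(text))
```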
On the AD DC side, we can see the computer has been added to the group "computers".