
flamingclaptrap

macrumors newbie
Original poster
Jan 14, 2015
1
0
Hi,

I've been trolling through the documentation the best I can; however, I've been unable to find information regarding the question I have. Unfortunately, I have no real background with OSX, aside from minor support for friends and coworkers.

Situation: I have an OSX Server in an AD environment and would like to implement MDM to manage iOS devices. My question is: if I implement OD, which is required for MDM, then how would it respond to the fact the server is already connected to AD? I would prefer not to have OD at all associated with AD for security reasons.

Does OD automatically replicate, or does it act as its own entity and ignore AD unless told otherwise?

I unfortunately don't have a test machine to mess with or I'd play with it more.

Hoping some wise OSX folks can help me out with this.
 

Yebubbleman

macrumors 603
May 20, 2010
6,024
2,617
Los Angeles, CA
You can set up OD to work with AD and to otherwise function as the means of managing Macs and iOS devices with the account info from AD. This is often called "The Golden Triangle". If you have Macs in place anyway, you should be doing this anyway. If you don't, then I wouldn't sweat it as it doesn't do you much for iOS (seeing as iOS doesn't utilize front-facing user accounts anyway); setting up OD won't interfere or cause issues.

As for security concerns for setting up an OD server with AD, unless your networking and other IT staff really don't know what they're doing, there shouldn't be any. It's done all the time in several companies that do mixed environments. AD is king and OD piggy-backs onto AD in those cases. No security risk whatsoever.
 

DJLC

macrumors 6502a
Jul 17, 2005
959
404
North Carolina
I have a similar setup at the school I work for — an Xserve with Mavs Server running OD and Profile Manager + AD for authentication. AFAIK, OD doesn't really talk to AD. Authentication requests are just passed over to AD by both the clients and the Xserve. Clients are bound to AD, then OD, then enrolled in Profile Manager. Users can authenticate to both Profile Manager and SMB on the Xserve using AD credentials. Been working well since I set it up last summer!
 

unplugme71

macrumors 68030
May 20, 2011
2,827
754
Earth
OD will only replicate if you tell it to. And if you want it to replicate, it will only do so with another OS X server install. Preferably with the same OS and Server app version for best compatibility.

You don't need OD for Profile Manager: https://support.apple.com/en-us/HT202285
 