Windows – Adding a Mac to a Windows Domain – well not quite


I am a Windows sysadmin. We already have some Macs, but I am not happy with the way that I can't really admin them.

So, my question:

As we get a new Mac now, what's the correct way to add it? (It's never really a part of the domain – I know that.)

I will have 1 admin user on this Mac, and the owner as well (total of 2 admins) – is there a difference in which account is created first?

Can I make it so that the user's account will be able to see his currently private folders on our file server (SMB protocol?) – if our AD users are first.last, can that be the login to the Mac?

Best Answer

First off, Macs will happily bind to Active Directory domains - there's some variation between versions of AD and OS X, but if you're on AD 2008 or newer and OS X 10.8.3 or newer you won't have any problems. Use the Accounts preference pane, open Directory Utility for more control, or use dsconfigad from the Terminal. Once a Mac is bound, you will see it in your AD domain's Computers, just like anything else.

The UUIDs will be different, based on the order of account creation, but there is no functional difference between any two accounts that have been granted administrative rights. You can also specify AD groups when binding to grant admin rights (typically AD domain and enterprise admins).

Accessing the SMB share will be based upon that share's owner and permissions. If the user logs in to the Mac with his AD credentials, they should be able to easily connect to the share; with a small amount of effort you can easily add the share to auto-mount at login.

You might want to check out AFP548 for more resources on Macs and AD.
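
The Terminal route mentioned in the answer, as an added example that is not part of the original answer. The domain, computer name, bind account and OU are placeholders, and requiring packet signing and encryption is a hardening choice made for this example.

```shell
#!/bin/sh
# Added example: bind a Mac to Active Directory with dsconfigad.
# Every value below is a placeholder (assumption), not taken from the page.
AD_DOMAIN="corp.example.com"                     # placeholder AD domain
COMPUTER_ID="mac-example-01"                     # placeholder computer account name
BIND_USER="bind.account"                         # placeholder account allowed to join computers
COMPUTER_OU="OU=Macs,DC=corp,DC=example,DC=com"  # placeholder OU for the computer object
ADMIN_GROUPS="Domain Admins,Enterprise Admins"   # AD groups granted local admin rights

# Prints the dsconfigad invocation one argument per line (default), or runs
# it with sudo when DRY_RUN=0 is set on a Mac.
bind_mac() {
    # -password is deliberately omitted: dsconfigad then prompts for it, so
    # the secret never lands in shell history or the process list.
    set -- dsconfigad -add "$AD_DOMAIN" \
        -computer "$COMPUTER_ID" \
        -username "$BIND_USER" \
        -ou "$COMPUTER_OU" \
        -groups "$ADMIN_GROUPS" \
        -packetsign require \
        -packetencrypt require
    if [ "${DRY_RUN:-1}" = "0" ]; then
        sudo "$@"
    else
        printf '%s\n' "$@"
    fi
}

# Review the arguments first; re-run with DRY_RUN=0 to perform the bind.
# Afterwards, `dsconfigad -show` prints the active binding settings.
bind_mac
```

Keeping the admin group list short matters here, because every member of those AD groups becomes a local administrator on each bound Mac.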