Adding Macs to an Active Directory Domain – Part II

In a previous post, I discussed our process for adding Macs to our Active Directory domain and the issues we encountered with the native Apple Directory Utility.  In this post, I will discuss why we chose to go with AdmitMac for our deployment.

In my original testing we had several issues with getting AdmitMac to work.  Namely, getting the drive mappings to display on the user’s desktop on login.  However, one thing that I have come to appreciate about the folks at Thursby software is the quality of their technical support.  Even though we were not a licensed customer, one of their support reps spent an hour on the phone with me walking me through the configuration step-by-step.  Don’t let that give you pause, there really isn’t so much that I needed an hour of support… it really is simple, but he walked me through everything and answered a ton of questions.  Good stuff.

So let’s talk about the reasons that we used AdmitMac.  First, AdmitMac is easy to install.  The wizard will walk you through several options and will install a new item into your Directory Utility.  Notice that it does not use the built-in active directory service.


Once the software is setup, you will go into the AdmitMac Service to make any changes.  You will be given several options for authentication.



Notice here that you are able to give the users the same options for local or network home that you can give them using the Apple utility, however now in one place.


The local login policy was the one major issue we found with the built-in Apple AD service.  Using AdmitMac, you can set the number of times a user can login remotely before needing to attach to the domain again, AND the user will have administrative priviledges when they are remote as well.  Not having administrative privledges remotely with the same user account was the deal breaker for us, and what ultimately pushed us to this solution.


Here you can set who is the admin of the computer, either domain users or groups.

By default, domain users are placed into a new set of folders on the local hard drive, specifically Macintosh HD/domain/domainname/username.In addition, the AdmitMac product has a “home mover” utility that will take the local user account that already exists and make a copy of the files into this new folder structure, with all the appropriate permissions in place.  Thus, little to no impact on the user.

I was able to successfully use “home mover” to move my files into the new structure.  Note that if the user’s home directory is huge, and there won’t be enough diskspace to make a copy, AdmitMac will let you know before it starts.

Overall, we have had zero issues with our AdmitMac deployment over the past month.  I would recommend you take a look at Thursby software if you are looking for an easy to use solution for Macs and Active Directory.