In the final post of this series I will show how to finish the Magic Triangle configuration between the Mac Server, Windows Domain Controller and the Mac client. Here are the other pieces in the series:
- Managing Macs in a Windows shop, part 1
- Managing Macs in a Windows shop, part 2
- Managing Macs in a Windows shop, part 3
- Managing Macs in a Windows shop, part 4
This post will concentrate specifically on the Mac client and how to close up the triangle. I did this with both MacBook Pros and with MacBook Airs. I highly using a MacBook Pro or at least getting a dongle with a network port for the MacBook Air. Even if you have a wireless network that communicates with your domain controller I can almost guarantee that you will run into problems. After it gets set up your users will be able to use the wireless to access various network equipment.
Here is the setup I follow when I am putting a new Mac client on the network:
- Boot from a USB with the Mac OS on it and install it. You may have to go to the Disk Utility and format/erase a partition on your drive to install your OS on.
- When the installation is complete it will take you through a short Welcome Wizard that you will need to complete as appropriate for your environment. This will include creating a computer account. This computer account will be a local administrator on the machine by default.
- Login using the account you just created.
- Open System Preferences >> Sharing
- Enable Remote Login
- Enable Remote Management and put a checkmark next to all of the appropriate services you would like to be able to manage remotely.
- Under Remote Management, click Computer Settings and put a checkmark next to Anyone May Request Permission to Control Screen.
- Put a checkmark next to VNC Viewers May Control Screen
- Change the computer name to a name that matches the scheme your environment uses.
- Make sure the client is on the same subnet as the Mac Server and the domain controller.
- You can now VNC to the Mac if you like using the VNC options Hextile and Full Color.
- From the dock, open System Preferences or click Show All to get back to the System Preferences.
- Click on Users and Groups
- Select Login Options
- Click the Padlock to make changes
- Click the Join button
- Enter the IP address of the Mac Server and click OK, then click Trust.
- Back in Users and Groups click Edit next to Network Account Server.
- Click Open Directory Utility
- Highlight Active Directory and click on the Pencil icon to edit.
- Type in your domain (ex: domain.org) and click Bind. So basically you are binding your Mac client to both the Active Directory and to the Mac Server Directory
- Use Active Directory domain admin credentials and change the Computer OU to whichever OU in which you're containing your Macs.
- Now click on the arrow next to Advanced Options
- Put a checkmark next to create Mobile Account (this step is optional, but if you're users are using MacBooks and would like to take them home, I would recommend this step). The Mobile Account is kind of the best of all worlds and caches credentials and other information locally so it's still accessible when they're not on the network.
- Click the Administrative tab and put a checkmark next to Allow Administration by so that domain and enterprise admins have local admin access.
- Restart and login using that users account and allow it to create the Mobile Account.
At this point the Magic Triangle configuration is complete! You should be able to log on to the Mac clients with any valid network credentials configured in AD and you should be able to access various network equipment. Obviously you will need to go through and configure Mail and calendars (iCal) if you like to. There is an IM client already installed called iChat. You may also want to turn on the native encryption using FileVault. You can configure printing, Time Machine, and Profile Manager as mentioned in previous posts. You will be able to update the machine by going to Software Update as mentioned in Part 4 of this series and you may want to add, dare I say it, anti-virus!
This completes the Managing Macs in a Windows Shop series. If you have any questions or comments, please feel free to put them below.
Lauren Malhoit has been in the IT field for over 10 years and has acquired several data center certifications. She's currently a Technology Evangelist for Cisco focusing on ACI and Nexus 9000. She has been writing for a few years for TechRepublic, Tech Pro Research, and VirtualizationAdmin.com. As a Cisco Champion, EMC Elect, VMware vExpert, and PernixPro, Lauren stays involved in the IT community. Lauren has been a delegate for Tech Field Day and has also authored a book called VMware vCenter Operations Manager Essentials.