Mac Active Directory Integration

Authentication, Group Policy, Audit and Reporting

---

The Basics

• Introduction
• Why Customers Choose Likewise Enterprise
• How it Works
• Technical Overview
• Features Overview
• Supported Platforms
• Frequently Asked Questions (FAQ)

In-Depth Features

• New Features in 5.0
• Screenshots
• Group Policy
• Gnome Group Policy
• Cell Technology
• PCI Compliance
• Single Sign-On for Web Applications
• Single Sign-On for Databases
• Single Sign-On for Apache Web Server
• Single Sign-On for ERP & Storage Applications
• Kerberos Authentication
• Cross Forest Trusts
• Cached Credentials
• Reporting
• Likewise Identity Service
• Likewise Administrative Console
• Workgroup Manager Overview
• Workgroup Manager Policies
• Audit and Reporting Overview
• Advantages Overview
• Complying with HIPAA Standards
• Linux Active Directory Integration
• Winbind

Apply Workgroup Manager Settings as Group Policy Objects

Likewise Enterprise applies Managed Client Settings to Mac computers with Microsoft Active Directory and Workgroup Manager, a free server administration tool from Apple for remotely managing user, group, and computer settings on Mac OS X machines.

Likewise Enterprise hooks Workgroup Manager up with Active Directory by applying Managed Client Settings (MCX) as standard Microsoft Active Directory group policy objects, or GPOs.

Native Apple Solution Requires AD Schema Changes and Extra Servers

To integrate Macs with Active Directory by using Apple's built-in Directory Service (DS) plug-in, the AD schema would have to be modified. For the native Apple solution, the schema would need both the RFC 2307 attributes as well as Apple's own schema extensions for managed client settings (MCX).

For many administrators, however, extending the Active Directory schema is not an option. So administrators end up deploying Apple Mac OS X servers with Open Directory enabled, and use Open Directory to store MCX settings. If Mac Active Directory integration is still required for common account and password management, then the user authentication can be performed by the Active Directory DS plug-in from Apple, and the management of preferences can be provided by Apple's Open Directory DS plug-in.

With Likewise, No Schema Changes and No Extra Servers

Without requiring schema changes and without requiring additional servers, Likewise Enterprise integrates Macs with Active Directory and extends Workgroup Manager to manage Mac preferences with group policy objects.

You also get Kerberos-based authentication, role-based access control, centralized account management, and additional Mac-specific group policies. There's no complicated setup process, no need for more infrastructure like an Open Directory server, no risky schema changes.

The Key to the Likewise Solution: Group Policy Objects

Likewise Enterprise solves Mac Workgroup Manager and Active Directory integration problems by using the existing model for managing users and computers in Active Directory: group policy objects. GPOs can be edited with the Microsoft Group Policy Object Editor (GPOE) and managed for the enterprise with the Group Policy Management Console (GPMC).

The group policy object design is a well proven model for large-scale systems management. For the actual payload about the settings that a given policy defines, this information is stored as file data in the policy sysvol directory on the domain controller.

Likewise Enterprise allows your administrators to use Workgroup Manager to navigate to specific group policies in Active Directory and store either user or computer MCX preferences from Workgroup Manager's full set of features. When the settings are stored in the GPO, the Likewise Enterprise agent running on the target Mac computer applies the computer and user group policies according to the Active Directory model of hierarchy and inheritance.

The result is a proven, scalable approach for managing the settings of all the Mac computers in an enterprise.

Next > > Audit and Reporting Overview