Filed under: Enterprise, Education, Found Footage
Found Footage: Managing Active Directory with Workgroup Manager
Years ago, Macs didn't even acknowledge the presence of Windows networks, which made those LAN wine-and-cheese parties pretty awkward. Now, however, OS X machines are exemplary network citizens, and apparently can even manage Windows workstations under the right circumstances.
TidBITS linked to a roundtable discussion at Cornell University, where Philip Halcomb, of Cornell's Mann Library ITS staff, demonstrated managing user accounts in Active Directory. Now, this wouldn't be very exciting, except for the fact that he was using Mac OS X Workgroup Manager to do it. Sweet.
Phil's part starts at about 7:30. It's a long QuickTime video, too -- almost an hour -- but for IT folks, especially in an education environment, the roundtable series is a must-see.
(Thanks, MHA, for Phillip's name!)
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
Jonathan Wise said 4:03PM on 5-08-2008
"Years ago...?"
I hope you mean decades ago.
Reply
Robert Palmer said 4:08PM on 5-08-2008
Fun fact: Decades are made up of years.
Robert Palmer said 4:11PM on 5-08-2008
Plus, MacTCP only started shipping with Mac OS since 1994. That's less than 20 years ago.
Jonathan Wise said 4:12PM on 5-08-2008
Neat-o! Learn somethin new every day!
But "years" implies more recency, when in fact I was networking Macs and Windows machines in the 80s.
Too many people think Windows>Mac interoperability is a new thing. In fact the first device named the SuperDrive was dubbed as such because it could read DOS-formatted floppies. Networking, exchanging files, and even running Windows on a Mac is not a new trick.
Just trying to clarify that years is < 10.
BTW, TCP isn't the only networking protocol -- the mature iteration of it is quite young, but networking existed before TCP/IP 4 (and MacTCP)
Reply
MHA said 4:22PM on 5-08-2008
It was Philip Halcomb of Cornell's Mann Library ITS staff.
Reply
Ryan Trevisol said 5:00PM on 5-08-2008
Sweet find Mr. Palmer!
I do work in an education environment, and once my district gets its head around Active Directory, I'll use this daily.
Oh, and welcome! I quite enjoyed your article about removable hard drives the other day.
Reply
Robert Palmer said 5:03PM on 5-08-2008
Thank you Mr Trevisol. I like how we're keeping our discourse professional, with the surnames and all. ;)
Ryan Trevisol said 5:20PM on 5-08-2008
Well you can call me Ryan if you like. ;-)
What can I say? I'm feeling professional and formal today.
Reply
Ryan Trevisol said 5:20PM on 5-08-2008
Hmmm . . . I KNOW I clicked reply. :-\
Ryan Trevisol said 5:20PM on 5-08-2008
Hmmm . . . I KNOW I clicked reply. :-\
adisor19 said 8:27PM on 5-08-2008
WHOA !
I've been using my MBP to administer my Windows AD at work for almost a year now i never knew about this !
I've been using Apple Remote Desktop to VNC on all the PCs but i would always jump to my work PC when managing AD accounts as i didn't know the Apple Workgroup Manager was able to do it.
I am EXTREMELY impressed and thankful to learn this :)
Adi
Reply
actionbastard said 8:40PM on 5-08-2008
This is not about managing Windows accounts with WGM.
This is about managing Macs with WGM that are bound to an AD domain. P.H. added schema extensions to his AD domain so that he could use WGM to manage his Macs for users with accounts that exist in his AD domain so he wouldn't need to use an OD server to do it. He even mentions in the vid that he doesn't even need the OD server for authentication.
Take a break and watch the vid again.
Reply
adisor19 said 8:50PM on 5-08-2008
Fair enough but this is not important to me as i don't have any Macs to manage at work. I only have PCs joined to AD. Having WGM manage those accounts directly, is very useful to me and that's what i wanted to point out.
Is there other tools like this available for the mac ?
Adi
Bret Knight said 10:23PM on 5-08-2008
adisor19, if you had carefully read what actionbastard said you'd realize that what the presentation was about was managing Macintosh network-based user accounts using Workgroup Manager against an extended Active Directory data base schema. It was incorrectly inferred by Mr. Palmer that it is possible to use Workgroup Manager to manage an entire Active Directory data base directly or the attributes of a Windows user's account on an Active Directory server. Unfortunately you will still have to use a PC to manage your Active Directory data base and your Windows users' accounts.
Robert Palmer said 11:18PM on 5-08-2008
Thanks, actionbastard and Bret Knight, for the correction about Active Directory. I'll be the first to admit that Windows networking is not my forte, but apparently I know just enough to be dangerous.
Extremely dangerous.
Reply