Currently Being ModeratedJan 6, 2014 10:49 PM (in response to jessatd75)
First off - you bind Mac clients directly to Windows AD to get user authentication and network user shares. OS X server is not in the middle of those functions. It is not hierarchical.
Golden triangle is the practice of binding Mac clients simultaneously to BOTH a Mac OSX server and Windows AD. This is usually done to standardize various desktop settings/preferences on Macs. It is similar to the GPO mechanism on Windows. You may or may not want to do that for just 12-36 Macs. I would suggest holding off on it until late in your migration because set up of the OSX server is complex.
A Mac server can be very useful for building and deploying software "images" onto your client Macs. OSX server has a service called NetBoot that supports installation of images to client hardware over your LAN. There is also the Apple System Image Utility for making images. "Mac OS X Deployment" by Kevin White is a good reference on this topic.
Good luck with your migration!
Currently Being ModeratedJan 7, 2014 4:46 PM (in response to piperspace)
The biggest things management wise that I was wanting the mac server for was to hopefully be able to push updates to the machines. I do not want users to be able to install software on their own. To allow them to update their computers themselves i would have to make every user a network wide admin and that just isn't an option. I am part time systems admin and also the productions manager(sound, lighting and video) I am also a full time student. So go to all the machines periodically and me running updates also is counter productive and time prohibitive.
Currently Being ModeratedJan 7, 2014 4:57 PM (in response to jessatd75)
Yeah - that's a problem.
We had a similar headache with Apple Update popping up while students were using Macs in school labs. Students are not permitted to run it - so it was an annoying distraction.
Our fix was to implement the Software Update Service on a Mac OSX server. We also implemented Golden Triangle so that we could set a preference pointing all our Mac clients at our local SUS. With local SUS you get to approve each update. We very rarely approve any so our students are no longer distracted (by Apple Update).
Currently Being ModeratedJan 7, 2014 9:17 PM (in response to piperspace)
i know you said its complicated but can you describe how you went about doing this? it sounds like what you had setup is exactly what I'm looking for. Despite my lack of knowledge when it comes to setting up a golden triangle i am actually pretty technologically astute. I am very familiar with windows networks(ive taken 3 classes on windows server since I'm a CS major) i simply don't like windows machines nor does most of the current staff especially taking windows 8 into consideration so we decided to go to macs. So with some explanation it could save me an extended amount of time hunting and testing for all the right settings to make all this work the way i need it to.
Currently Being ModeratedJan 8, 2014 9:36 AM (in response to jessatd75)
Setting up Apple Software Update Service (SUS) on Mac OS X Server is easy. Just use Server Manager and enable the service. It will download updates from Apple and store them locally.
Here is a reference that explains how to configure client Macs to use your local SUS.
Note that you do not actually need Golden Traingle just to set this one preference. You can visit each Mac once to set it. Or you can use Apple Remote Desktop (ARD) to send the necessary commands to your Macs remotely. ARD is a good tool. Recommended.
The complicated thing about Golden Triangle is getting your Mac OS X Server to use the Windows Kerberos security service rather than its own Kerberos. That plus the fact that Mac OS X Server is apt to break if you change its IP address or if you re-organize your DNS. Oh and Golden Triangle requires that you run Apple's Open Directory service. OD has a tendency to corrupt itself - so be sure to back it up frequently. Finally, most references on this topic will mention WorkGroup Manager. That utility has been deprecated by Apple. The new utility is called Profile Manager. Below is the best published reference I know of on this topic. Sorry I cannot give you step by step instructions.