Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Nickrichyrichardson
Nickrichyrichardson Author
User level: Level 1
0 points

Newly Hired Apple Systems Analysts with a few questions.

Hello everyone and thank you for stopping by!


I recently was hired by a school Township as an Apple Systems Analysts, most of my knowledge is in windows management and I am looking to get a better grasp on everything Apple. I am currently going through the Townships current setup and I am noticing some interesting items, there are a few hundred machines joined to the existing Windows Active Directory Service and also joined to an Open Directory that is housed in a machine on premise. From my understanding, you would join a machine to both ADS and OD so you could authenticate through ADS and manage through OD. The machines have been managed using server 3.1 on OS X 10.7 with the use of Workgroup Manager. They would like for all of the systems (Servers and Client machines) to be updated, and I know as of right now Workgroup Manager is not officially support with OS X 10.10 and Server 4.1 (Source: OS X Server: Admin tools compatibility information - Apple Support) so is there a point to having an Open Directory? With the latest version of OS X Server is there a need to use anything else besides Profile Manager? Does Profile Manager require an Open Directory? If so why should I join my machines to both ADS and OD?



Any additional information would be greatly appreciated, various different forums and articles do not seem to address these points directly in a way I understand.


Thanks,

Nick

Mac mini, OS X Yosemite (10.10.3), OS X Server 4.1

Posted on Apr 20, 2015 2:19 PM

Reply
Question marked as Best reply
User profile for user: Antonio Rocco
Antonio Rocco
User level: Level 6
12,278 points

Posted on Apr 23, 2015 8:25 AM

" . . . so is there a point to having an Open Directory?"


Yes. For the same reasons as before.


". . . is there a need to use anything else besides Profile Manager?"


If by this you mean will Profile Manager fulfil all your management needs, then probably not. Even in earlier versions WorkGroup Manager was not the one-stop shop AD's GPMC is. For a more rounded/granular approach look to supplement Profile Manager with a sound understanding of what can and can't be managed by OS X Server and what's available on the client machines themselves. Depending on your requirements a lot of management can be done locally and/or in the build. Certainly look to brush up your Terminal skills as having an understanding of this can be a very powerful addition to the available management tools. Definitely look to use of DeployStudio, Munki and ARD to name a few if you're not already doing so?


"Does Profile Manager require an Open Directory?"


Once started Profile Manager will start Open Directory. So I guess the answer is yes? Although you don't have to use most of what it provides if you don't want to? MCX (the underlying technology WorkGroup Manager taps into) still exists so there are still some things you can manage/control using it even though Apple says it's not officially supported. You can still install and use it - up to a point - if you're prepared to put up with random error messages/crashes etc.


Some personal thoughts: after three iterations Profile Manager is still not quite there but it is improving although a lot depends on your expectations of it. Perhaps your environment is instead a good candidate for JAMF's Casper Suite? You would not have to move too far out of your Windows Comfort Zone and it provides more than Profile Manager has to offer. If you're looking at managing a large number of iOS devices then look at AirWatch, MobileIron etc as they too improve on what Profile Manager has to offer so far.


My 2p.

View in context
2 replies
Question marked as Best reply
User profile for user: Antonio Rocco
Antonio Rocco
User level: Level 6
12,278 points

Apr 23, 2015 8:25 AM in response to Nickrichyrichardson

" . . . so is there a point to having an Open Directory?"


Yes. For the same reasons as before.


". . . is there a need to use anything else besides Profile Manager?"


If by this you mean will Profile Manager fulfil all your management needs, then probably not. Even in earlier versions WorkGroup Manager was not the one-stop shop AD's GPMC is. For a more rounded/granular approach look to supplement Profile Manager with a sound understanding of what can and can't be managed by OS X Server and what's available on the client machines themselves. Depending on your requirements a lot of management can be done locally and/or in the build. Certainly look to brush up your Terminal skills as having an understanding of this can be a very powerful addition to the available management tools. Definitely look to use of DeployStudio, Munki and ARD to name a few if you're not already doing so?


"Does Profile Manager require an Open Directory?"


Once started Profile Manager will start Open Directory. So I guess the answer is yes? Although you don't have to use most of what it provides if you don't want to? MCX (the underlying technology WorkGroup Manager taps into) still exists so there are still some things you can manage/control using it even though Apple says it's not officially supported. You can still install and use it - up to a point - if you're prepared to put up with random error messages/crashes etc.


Some personal thoughts: after three iterations Profile Manager is still not quite there but it is improving although a lot depends on your expectations of it. Perhaps your environment is instead a good candidate for JAMF's Casper Suite? You would not have to move too far out of your Windows Comfort Zone and it provides more than Profile Manager has to offer. If you're looking at managing a large number of iOS devices then look at AirWatch, MobileIron etc as they too improve on what Profile Manager has to offer so far.


My 2p.

Reply
User profile for user: Nickrichyrichardson
Nickrichyrichardson Author
User level: Level 1
0 points

Apr 23, 2015 8:25 AM in response to Antonio Rocco

Appreciate your reply and great information,


We are looking into using FileWave being since it is a friendly cross-platform solution that will allow us to centralize our management into a singular place. I investigated throughout our equals, and a combination of FileWave and ARD will allow us to manage our Macs and a 1:1 setup of iPads for students.


Nick

Reply

Newly Hired Apple Systems Analysts with a few questions.

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up