ajcfreak

Q: Open Directory vs Active Directory   migration from Windows to Mac

Okay, so I assist my old school in their IT needs, since they don't have a hired person to fulfill that role.

Currently, they have a centre where the staff use 10 Windows 10-based PCs (Core 2 Duo systems, mostly assembled; all about 3 years old) connected to a Windows 2008 Server (from Dell; about a year old). As the institution wishes to expand the computers available to their staff (of 90), my suggestion has been to switch to Macs (Probably 11" MBAs), with a MacBook Pro 15" doing the duty of the server.

This migration cannot take place in one stroke, and would happen in a phased manner (probably 20-25 MBAs purchased every year, for the next four years).

The current setup is that there is a local + Admin user configured on each of the Windows 10-based PCs, with all staff having access to the local, non-Admin user.

For the sake of easier management, I would like to move them to network-based logins, as we begin our migration to a macOS environment.

Do we configure AD on the Windows server, and bind MBAs to it, as and when we purchase them, with the final purchase being the MBP 15" for server-duties, or is there some way we can get the 15" MBP now, and use Open Directory, and bind the existing 10 Windows 10-based PCs to the macOS Server?

NOTE: The school runs Google Apps, and all staff have a Google Apps account with a custom domain name.

MacBook Air, OS X Server

Posted on Sep 25, 2016 11:55 PM


  • by Antonio Rocco,

    Antonio Rocco Sep 26, 2016 1:23 AM in response to ajcfreak
    Level 6 (10,606 points)
    Desktops

    You can't bind PCs to Open Directory without 3rd-Party help (pGina). Besides, depending on the OS, this may not work reliably? You'd have to trial it first. Beyond binding and providing a home folder there would be nothing else. No management, no policies etc. from Open Directory to your PCs.

    The supported way of doing this is to use Active Directory, and supplement it with OD for managing your Mac estate only. Again, you can't apply GPOs to Macs without 3rd-Party help, which can be very expensive.

    Not that it's something you would consider - although you might do? It may be best to go 'all Mac' if your intention is to move to macOS. If your PCs are using software that is only available for PCs, consider using VMs on your Macs to keep that aspect of school going.

    My 2p

  • by Njofrekk,

    Njofrekk Sep 26, 2016 1:42 AM in response to ajcfreak
    Level 1 (43 points)
    iPhone

    Since you cannot apply GPOs to Macs in an AD environment, and I guess (haven't tried it yet) Windows PCs would have similar problems in an OS X Server environment, have you considered setting up a Linux-based server for both Macs and WinPCs during the migration to a full macOS+Server environment?

  • by John Lockwood,

    John Lockwood Sep 26, 2016 2:47 AM in response to ajcfreak
    Level 6 (9,339 points)
    Servers Enterprise

    Since you already have a Windows server which can act as a server for both Windows and Macs, I would stick with that. Also, frankly, Apple's server software is a bit of a joke. (A bad one.)

    I am surprised that a year-old server is allegedly running Windows Server 2008; clearly 2008 is much older than a year. It would have been more logical to have Windows Server 2012R2, which would have been the current version a year ago. I would suggest upgrading it to at least 2012R2 if not 2016.

    I would agree managing Macs is best done via Mac tools. However, this does not require specifically Open Directory, as these days management is done via a Mobile Device Management solution (MDM), e.g. Apple's Profile Manager, or JAMF Casper Suite, or similar. Many of these can run on non-Mac servers, some can run on Mac servers; it's your choice.

    A MacBook Pro as a server, which is what you apparently said, would be a terrible idea as it would be a waste of an expensive laptop. If you really must use a Mac as a server then a Mac mini is the more common choice.

  • by ajcfreak,

    ajcfreak Sep 27, 2016 5:30 AM in response to Antonio Rocco
    Level 1 (4 points)
    Servers Enterprise

    Thank you so much for responding.

    If PCs can't really be bound to OD for proper management, I think we'll just continue using the PCs as they're currently being used and transition to Macs (someone else suggested MDM/etc instead of OD, but I'll have to look into that a little deeper).

  • by ajcfreak,

    ajcfreak Sep 27, 2016 5:31 AM in response to Njofrekk
    Level 1 (4 points)
    Servers Enterprise

    That is an interesting thought. But since the school doesn't have a dedicated IT person (I'm an old student who helps them out as and when I've got free time), any Linux system is a strict no-no.

    It is definitely a very interesting idea, though - will take a look at it.

  • by ajcfreak,

    ajcfreak Sep 27, 2016 5:36 AM in response to John Lockwood
    Level 1 (4 points)
    Servers Enterprise

    - Thanks for the heads-up about Apple's server software. Didn't know. I've got zero practical server experience; just a lot of know-how from what I've read.

    - The server runs Windows 2008 since it was provided by a vendor in 2011, and was recently damaged in a flood and was replaced; school doesn't own the hardware/software, and the vendor has no reason to upgrade the OS, really (why should they?! :-) )

    - I've zero experience on the server side, and only know what I've read around. I will need to look further into MDM/JAMF versus OD, and see if they can run on non-Mac servers.

    - MacBook Pro as a server is my personal suggestion, since it seems to work out a lot cheaper than the Mac Pro. The Mac Mini was never in consideration since we plan to move to 90+ laptops (1 per staff member) over the next 3-5 years, and my personal take was that the Mac Mini couldn't 'handle' that much of a load. I'm open to suggestions, though - since like I said before, I've zero experience on the server side.

  • by John Lockwood,

    John Lockwood Sep 27, 2016 6:04 AM in response to ajcfreak
    Level 6 (9,339 points)
    Servers Enterprise

    You could get two Mac minis for a similar price.

  • by ajcfreak,

    ajcfreak Sep 27, 2016 7:46 AM in response to John Lockwood
    Level 1 (4 points)
    Servers Enterprise

    So, I'm assuming that the extra processing power, RAM, etc. of the 15" MBP don't matter much?

    I've been Googling to find out how many systems on a network can be supported by a single Mac Mini, without bringing down the entire network - or making it sluggish; but I can't find anything like that.

    Does the processing power, etc. of the Server really not matter?

  • by John Lockwood,

    John Lockwood Sep 27, 2016 8:35 AM in response to ajcfreak
    Level 6 (9,339 points)
    Servers Enterprise

    For the numbers we are talking about here, either 45 each or 90 total, the bigger issue is going to be network bandwidth. Having two Macs means each handles half as many connections for the same bandwidth.

    You could add either additional network interfaces to a single Mac, or even a 10Gbps interface to a single Mac, or as I suggested use two Macs. Another benefit of two Macs is that each also has its own storage and own connection to that storage, again effectively doubling the 'speed' of the storage in total.

    With regards to CPU power, basic file serving is not particularly CPU intensive. With regards to memory, more is always better, but a MacBook and Mac mini can both do the same amount of RAM.

    In fact the components in a Mac mini are very similar to a MacBook Pro, so the performance really is quite similar.

  • by ajcfreak,

    ajcfreak Sep 27, 2016 11:52 PM in response to John Lockwood
    Level 1 (4 points)
    Servers Enterprise

    Thank you, that was really helpful.

    I will look into how we can implement two Mac Minis as two separate server units, running one network.

    Thanks, again!