How to manage MAC OS under AD and Group Policy

Question

We are having ADDS on windows server 2019 . Some users have apple laptops. I know we can join Active Directory Domain Services on mac but that will only control user login and password policies only. What are the other options for to apply different Group Polocies on mac

Answer 1

Hello Saad,

Thank you for your question and for reaching out with your question today.

You're correct that joining macOS devices to Active Directory Domain Services (AD DS) primarily helps with user authentication and password policies. However, if you're looking to apply different Group Policies to macOS devices beyond what's supported by AD DS, you might need to explore additional solutions:

1. Configuration Profiles: macOS supports configuration profiles that allow you to manage settings and restrictions on devices. These profiles can be created using tools like Apple's Profile Manager, third-party Mobile Device Management (MDM) solutions, or configuration utilities provided by vendors like Jamf.
2. Mobile Device Management (MDM): Using an MDM solution allows you to manage macOS devices remotely and apply various policies, settings, and restrictions. Popular MDM providers for managing Apple devices include Jamf, Microsoft Intune, VMware Workspace ONE, and others.
3. Third-Party Tools: Some third-party tools and solutions specialize in providing advanced management and policy enforcement capabilities for macOS devices. These tools often offer more granular control over settings and policies compared to AD DS Group Policies.
4. Apple Business Manager: If your organization uses Apple Business Manager, you can use it to enroll devices and distribute apps and configurations. This platform integrates with MDM solutions to manage devices effectively.
5. Scripting and Configuration: You can use shell scripts, configuration profiles, and other custom solutions to apply specific configurations and settings to macOS devices. However, this approach requires scripting expertise and might not be as comprehensive as MDM solutions.
6. Custom Policies: Some MDM solutions and third-party tools allow you to define custom policies and settings that go beyond what's offered by AD DS Group Policies.
7. Security Tools: Consider using security tools and solutions designed for macOS that can help enforce security policies and monitor for threats on Apple laptops.

Remember that macOS and Windows environments can have different management paradigms, and it's important to find solutions that best fit your organization's needs. Evaluating MDM solutions, third-party tools, and Apple's own management offerings can help you find the right balance between user experience, security, and policy enforcement on macOS devices.

I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

If the reply was helpful, please don’t forget to upvote or accept as answer.

Best regards.

Answer 2

Hello Saad Ahmad,

Thank you for posting in our Q&A forum.

After my research, it may be not possible to apply group policy directly to MAC devices.

The link below might be helpful. Please read the article.
https://snehpatel.com/index.php/2019/12/30/apply-active-directory-group-policy-on-macos/#:~:text=If%20you%20are%20in%20need%20to%20apply%20group,Using%20open-source%20projects%20like%20Profile%20Creator%20%E2%80%93%20https%3A%2F%2Fgithub.com%2FProfileCreator%2FProfileCreator

Hope the information above is helpful. If you have any question or concern, please feel free to let us know.

Best Regards,
Daisy Zhou

==========================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Answer 3

Good evening,

Can you confirm that you didn't have any kind of problem doing the Join on the Mac in a server 2019 ? After the reboot I can no longer access the AD, it gives me the following error.

however if I use server 2012 it works correctly.