AD Asset binding
With Active Directory as the primary identity and authentication mechanism, binding Mac machines to Active Directory required either a plugin/application for AD integration or manual intervention. MDM lets you do this remotely on devices using the AD asset binding policy. In addition to adding the basic AD account, you can also configure additional settings such as granting local admin privileges and the account type.
- Active Directory must be integrated with MDM using Admin credentials
- Mac machines must be able to contact the Active Directory
- A valid OU path
Active Directory Settings

|Setting|Description|
|---|---|
|Select Active Directory domain|Specify the Active Directory to which the Mac machines need to be added.|
|Organizational Unit (OU) path|Add the OU path under which the machines need to be grouped. You can obtain the OU path by executing the command `dsquery user -name <admin-user-name>*` on Command Prompt. This is a sample OU path: `CN=Your IT Admin Name,OU=Your enterprise OU,OU=A branch,OU=Your Organization,DC=subdomain,DC=Your organization domain,DC=Your top level domain`|

Device Access Settings

|Setting|Description|
|---|---|
|Access Type|Define the scope of access for the users. If you choose Network, users can access their Mac machines using AD credentials only if the machine can connect to the organization AD. This option is best suited to Mac machines located in the organization network. If you choose Mobile, users can access their Mac machines using AD credentials anywhere, whether or not the machine can connect to the organization AD. This option is best suited to field employees or employees working from remote locations.|
|AD user groups to be granted Admin privileges|Specify the AD user groups to be granted local administrator privileges on Mac machines.|
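
A valid OU path is one of the prerequisites, and a mistyped path is easy to miss before the policy is distributed. The following added example (not part of the MDM product or its documentation) checks that a path is syntactically well-formed and that its `DC=` components match the selected domain; it does not confirm that the OU exists in the directory. The function names and sample paths are constructed for illustration.

```python
def split_rdns(dn):
    """Split a DN on commas, honouring backslash escapes such as 'Smith\\, Jane'."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts


def check_ou_path(dn, domain):
    """Return a list of problems; an empty list means the path is well-formed."""
    rdns = []
    for part in split_rdns(dn.strip()):
        attr, sep, value = part.partition("=")
        attr, value = attr.strip().upper(), value.strip()
        # Assumption: only CN, OU and DC attribute types are expected here.
        if not sep or not value or attr not in ("CN", "OU", "DC"):
            return [f"malformed component: {part.strip()!r}"]
        rdns.append((attr, value))
    types = [t for t, _ in rdns]
    first_dc = types.index("DC") if "DC" in types else len(types)
    problems = []
    if "OU" not in types[:first_dc]:
        problems.append("no OU= component before the domain part")
    if first_dc == len(types):
        problems.append("no DC= components")
    elif any(t != "DC" for t in types[first_dc:]):
        problems.append("DC= components must come last")
    dn_domain = ".".join(v for t, v in rdns[first_dc:] if t == "DC").lower()
    if dn_domain and dn_domain != domain.lower():
        problems.append(f"path is in {dn_domain}, not {domain.lower()}")
    return problems


# Constructed sample values, not taken from any real directory.
if __name__ == "__main__":
    for path in ("OU=Macs,OU=Branch,DC=corp,DC=example,DC=com",
                 "OU=Macs,DC=lab,DC=example,DC=com",
                 "Macs,DC=corp,DC=example,DC=com"):
        print(path, "->", check_ou_path(path, "corp.example.com") or "OK")
```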