OS X Integration into AD Domain
One of my clients is a Kindergarten-Year 12 private school and Apple have sold the executive staff on a 1to1 Macbook program. I want to gather the thoughts and opinions of you good folk regarding the integration of OS X into the AD domain, and any interesting stories and past experiences are welcome :)
Firstly, let me give you some information to work with. As part of the service contract with the school I am onsite 30+ hours per week so there is no concern over the time scope. The school has 2 iMac labs with a total of around 30 iMacs and we have 2 Year 4 classes as pilots for the 1to1 program. The iMac labs are bound to Open Directory on an OS X Server and this is to achieve some user control/lock down via Workgroup Manager - although this has been very inconsistent. The iMacs are also bound to AD for AD user authentication. This seems to work well and it is very rare a user cannot authenticate on the iMacs.
The 1to1 Macbooks connect to the network via a wireless network across the school which uses PEAP and RADIUS authentication with AD, however the users log on to the Macbook with local OS X accounts. This means once the user has logged on, you must authenticate with AD to connect to the wireless. This works OK also.
In 2 years the estimated number of 1to1 Macbooks will be in excess of 300 plus the 20 iMacs which may be implemented into the classrooms themselves, replacing the teacher's PC. The PC currently provides all network access to the teachers within the class including running software for the Interactive Whiteboards and other educational tools.
With such a large network (16 servers, 700 workstations plus the Apples) almost all software and workstation administration is done via Group Policy. My biggest concern is how we are going to manage so many cross-platform machines and integrate them successfully into AD. Even single sign-on seems difficult to accomplish.
Domain is 2003 R2 / 2008 and over the next 12-18 months it will be solely 2008 (with a little luck). Soooo.... any thoughts, comments, previous nightmares you can each bring to the party?
I am more than happy to answer specific questions or provide further information - I guess the big question is, will this work or should we be shutting the 1to1 program down before it becomes the majority appliance for students and teachers? Apple sold the executive staff with some flashy approaches and ultimately empty promises on the success of rolling Macbooks out into the school.
Look forward to a cooled and heated discussion :) :)