As a MacTech for a provincial College with a great number of Mac's I'm looking to get an idea of the best method setup for running Mac's connected to a AD (Active Directory-Windows) network?
Our primary network is Windows AD and all computers authenticate to AD for login. At the moment we have always setup the Ma's to authenticate to AD using the "Active Directory Plug'n" within the Directory Utility in OS X 10.5 Leopard which we have no issues with authentication working and users get logged in.
The issue rather question I have is, what is the best setup for dealing with user accounts (AD Accounts) on the client Macs. We create a default user, make all the needed adjustments then one of two ways either by logging in as root we copy over all the needed settings from that user into the default OS profile (/System/Library/User Template/English.lproj) or by using terminal copy the entire custom setup profile into the default OS profile.
This works good and we get the customized setup/profile when new AD users login but we see the odd issue with certain apps not working properly with preference files, user rights to programs etc.
Is there a better setup so that all users that login using AD authentication use the custom account created and not use a new profile that needs to be created each and every-time a new user logs in?
I think most applications, settings and other customized changes made in one default account would be nice to use if it could be somehow connected to the AD user logging in. Plus would help with user login speed.
Thanks,
Carter
Top
