Ross Derewianko and Scott LaPaglia, IT Admins at Ping Identity, examined different methods of using Self Service to automate deployment of Active Directory (AD) in an existing Macintosh environment. They specifically showcased how Mac admins can deploy Active Directory binding to an existing infrastructure via the Casper Suite and how to easily migrate existing local user accounts to mobile, managed accounts.
Ross and Scott support approximately 350 globally deployed Macs, with 40% supported remotely. They decided to use Self Service for AD binding to provide a balanced and scalable solution for better password security and a better user experience. Challenges they faced in implementing the solution included migrating accounts from local to managed, remote users binding machines and setting up managed accounts remotely, getting passwords to sync to FileVault 2, and a need to limit user interaction when binding was implemented.
Prior to using the Casper Suite, Ping Identity had to access each Mac and walk through a workflow of about a dozen steps to add services to the Directory Utility within Mac login options. Now, with the Casper Suite, users can login with their own local account and click a button to run a policy in Self Service in order to bind the machine to AD. The Casper Suite allows Scott and Ross to empower their users to deploy scripts via Self Service that determine the username, delete the local account, CHOWN the home folder to the network ID, and add the mobile, managed account.
A bit of work up front—scripting and leveraging the JAMF Nation community—has saved Ross and Scott a ton of time, increased security for Ping Identity, and created a great user experience. The culture at Ping Identity is one of openness, collaboration, and remote work. The Casper Suite has helped Scott and Ross to align their work with that culture and support their goals to provide scalable and secure IT services while providing a seamless and integrated user experience.
Watch the full video of this session now.