Macintosh gotchas

Up until now, I've only managed networks with Windows users and the occasional *nix server. Soon, a few users with Macs will get added to our network. What are some "gotchas" to look out for when adding Macs to the network? Key concerns here: compatibility with Active Directory and security.


You might want to invest in a utility that disables the creation of .DS_Store files on network volumes. Otherwise you'll find these little files popping up all over your network volumes as the Mac users use them.

I use an app called Cocktail for this.


Updates ... although OS X can authenticate to AD there is nothing that requires them to update their computers. Make sure you talk to them about installing the updates as they come out. There really isn't any way to force them to do it though.


If your internal domain is .local, you will have a problem resolving names via DNS. There is an old article on Mac OS X Hints which describes a solution:

I created a company.local file in /etc/resolver, and populated this file with the nameservers for the company.local AD domain. This allows Mac OS X to use standard DNS to resolve company.local (or subdomain.company.local), while still allowing Rendezvous to operate as expected.

The only drawback I've seen to this approach is that the nameservers in this company.local file don't update via DHCP, so I have to update them manually.

Here is a more official support document from Apple which will parse your existing /etc/resolv.conf to populate the file in /etc/resolver.
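Added example, not part of the answer above or of Apple's support document: a shell sketch of the same idea, copying the `nameserver` lines from a resolv.conf into a per-domain file under /etc/resolver. The function name `make_resolver`, its arguments, and the sample addresses are assumptions; the demo writes to a temporary directory instead of the real /etc/resolver.

```shell
#!/bin/sh
# make_resolver DOMAIN [RESOLV_CONF] [RESOLVER_DIR]   (hypothetical helper)
make_resolver() {
    domain=$1
    src=${2:-/etc/resolv.conf}
    dir=${3:-/etc/resolver}

    # Accept only a plain DNS name, so the domain argument cannot be used
    # to write a file outside the resolver directory.
    case $domain in
        ''|*[!A-Za-z0-9.-]*|.*|*..*) echo "bad domain: $domain" >&2; return 2 ;;
    esac

    # Keep only well-formed "nameserver <addr>" lines; skip comments and
    # search/options lines, and drop duplicates while preserving order.
    servers=$(awk '$1 == "nameserver" && $2 ~ /^[0-9A-Fa-f:.]+$/ && !seen[$2]++ {
        print "nameserver " $2 }' "$src")
    if [ -z "$servers" ]; then
        echo "no nameserver entries in $src" >&2
        return 1
    fi

    # Write to a temp file and rename, so the resolver never reads a
    # half-written file.
    mkdir -p "$dir" || return 1
    tmp=$(mktemp "$dir/.resolver.XXXXXX") || return 1
    printf '%s\n' "$servers" > "$tmp"
    chmod 644 "$tmp"
    mv -f "$tmp" "$dir/$domain"
}

# Demo on a constructed resolv.conf (addresses are made up).
demo_dir=$(mktemp -d)
cat > "$demo_dir/resolv.conf" <<'EOF'
# constructed sample
search company.local
nameserver 10.0.0.10
nameserver 10.0.0.11
nameserver 10.0.0.10
EOF
make_resolver company.local "$demo_dir/resolv.conf" "$demo_dir/resolver"
cat "$demo_dir/resolver/company.local"
```

Because the file does not follow DHCP, rerunning the function after a DNS server change is what keeps it from pointing at stale nameservers.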


If you have enough Macs, I'd suggest adding a Mac server to create the so-called "Holy Trinity". You don't even need to buy an Xserve - OSX server runs on a Mac Mini!

The Macs use AD for all the normal access/permissions and the Mac server for Mac-specific tasks such as updates (you'll find a Mac version of WSUS called Software Update Server). You could also use the Mac server deployment options (NetInstall) for installs.