For integrating non-Windows OSes into Active Directory, we use software from Centrify.  There are some issues that we've run into with Mac systems, but there really aren't that many COTS products in that space.  The key is that it allows for application of Group Policies to the Mac systems.

As far as using SCCM to manage Linux systems, I still have nightmares about the System Center products from Microsoft.  I have successfully used Dell's KACE kBox product to manage RH-family Linuxes and the integration is not difficult.  All of that said, I'm much more a fan of using IBM's Tivoli products to manage systems - it does things right out of the box that Dell's product promised and never delivered.

--- A

Sent from my Windows Phone
From: Steven Timm
Sent: ‎8/‎5/‎2014 10:12 AM
To: Yasha Karant
Cc: [log in to unmask]
Subject: Re: Microsoft Active Directory and SCCM

When Fermilab deployed Kerberos 5 on all of our unix and linux,
and simultaneously Windows 2000 on our Windows side, it was the
intent that eventually everything would run off of the windows
Active Directory side.  14 years later that has never happened.
There are others on this list that know in detail why that is.

There are some Microsoft services for Unix that in theory
can do all the things you need to do to make the windows
domain controller serve as a master kdc for Linux machines.

I have never heard anyone use or try to use SCCM for Linux.  It
is certainly worth the money within the Windows domain though.

I've never heard of anyone hooking Macs into Active Directory.

Steve Timm


On Tue, 5 Aug 2014, Yasha Karant wrote:

> The administrative computing and network unit at my institution seem to want
> to force us to use Microsoft Active Directory and SCCM. The generalities that
> have been released to date are quoted below:
>
> *Recommendation*
>
> 1.
>
>    Work with the ITC’s across the University to join all University
>    owned PC’s and Mac’s to an organizational unit (OU) of the CSUSB AD
>    Domain.
>
> 2.
>
>    Provide training to all ITC’s on Microsoft Active Directory and SCCM
>    Administration
>
> *Cost:* $25,000 Estimated
>
> *Rationale:* With the availability of advanced tools to maintain and upgrade
> machines from a central console, Faculty and Staff will greatly benefit from
> patches and updates being done for them remotely and in an automated fashion.
> They will also be able to install campus licensed software themselves.
>
> NB: ITC Information Technology Consultant (a California State University
> staff position designation) -- a technician, typically with a BS in IT or a
> related field, who has hardware and software control over
> non-administrative-computing "Faculty" MS Windows or Mac OS X workstations.
>
> End quote.
>
> Does anyone on the list have to use these Microsoft proprietary systems with
> EL open systems -- both servers and workstations? If so, what are your
> experiences and how does one do the integration? Under no circumstances are
> we willing to share root passwords with the administrative unit. Replies off
> list are welcome.
>
> Yasha Karant
>

------------------------------------------------------------------
Steven C. Timm, Ph.D  (630) 840-8525
[log in to unmask]  http://home.fnal.gov/~timm/
Fermilab Scientific Computing Division, Scientific Computing Services Quad.
Grid and Cloud Services Dept., Associate Dept. Head for Cloud Computing