Deciding when and how to join a domain
Following installation, you will be prompted to join a domain. Whether to join a domain depends primarily on how you intend to join. Centrify provides two ways to join a domain:
- Through Auto Zone, which is the recommended method for installations with 1500 or fewer users. When joined through Auto Zone, all users and groups defined in Active Directory for the forest — as well as all Active Directory users defined in a forest with a two-way, cross-forest trust relationship to the forest of the joined domain — automatically become valid users and groups on the Mac computer.
- By connecting to a specific Centrify zone, which is the recommended method for installations with 1500 or more users, or for installations in which fine-tuned access control is needed. A zone is similar to an Active Directory organizational unit (OU) and allows you to organize the computers in your organization in meaningful ways to simplify account and access management and the migration of information from existing sources to Active Directory.
The assumption of this guide is that you are joining Auto Zone. After installation, you can follow the instructions to join the domain and with a few configuration steps all of your Active Directory users will be able to log into this computer.
Note: If you have a set of Apple Open Directory users, you should migrate them following installation but before joining a domain.
On the other hand, if your environment requires a zone structure, you must create that structure before joining a domain. Therefore, after installing the DirectControl agent, consult the Planning and Deployment Guide and the Administrator’s Guide for Linux and UNIX, which explain in detail how to plan, create, and maintain an Active Directory installation of non-Windows computers with Centrify Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service.