If you are using on-prem AD, Nomad and Nomad Login are still free. You only have to pay JAMF for the Nomad Pro offerings, which are primarily for cloud providers. https://nomad.menu/products/

We used to go with NoMAD but now use the Kerberos SSO Extension from Apple to authenticate to our On-Prem AD (pushed out via Intune to our Macs): https://www.apple.com/business/docs/site/Kerberos_Single_Sign_on_Extension_User_Guide.pdf

Folder containing your folder/share has to have “everyone” read posix permissions, otherwise AD users cannot read the share folder’s permissions

Hello Saad,

Thank you for your question and for reaching out with your question today.

You're correct that joining macOS devices to Active Directory Domain Services (AD DS) primarily helps with user authentication and password policies. However, if you're looking to apply different Group Policies to macOS devices beyond what's supported by AD DS, you might need to explore additional solutions:

1. Configuration Profiles: macOS supports configuration profiles that allow you to manage settings and restrictions on devices. These profiles can be created using tools like Apple's Profile Manager, third-party Mobile Device Management (MDM) solutions, or configuration utilities provided by vendors like Jamf.
2. Mobile Device Management (MDM): Using an MDM solution allows you to manage macOS devices remotely and apply various policies, settings, and restrictions. Popular MDM providers for managing Apple devices include Jamf, Microsoft Intune, VMware Workspace ONE, and others.
3. Third-Party Tools: Some third-party tools and solutions specialize in providing advanced management and policy enforcement capabilities for macOS devices. These tools often offer more granular control over settings and policies compared to AD DS Group Policies.
4. Apple Business Manager: If your organization uses Apple Business Manager, you can use it to enroll devices and distribute apps and configurations. This platform integrates with MDM solutions to manage devices effectively.
5. Scripting and Configuration: You can use shell scripts, configuration profiles, and other custom solutions to apply specific configurations and settings to macOS devices. However, this approach requires scripting expertise and might not be as comprehensive as MDM solutions.
6. Custom Policies: Some MDM solutions and third-party tools allow you to define custom policies and settings that go beyond what's offered by AD DS Group Policies.
7. Security Tools: Consider using security tools and solutions designed for macOS that can help enforce security policies and monitor for threats on Apple laptops.

Remember that macOS and Windows environments can have different management paradigms, and it's important to find solutions that best fit your organization's needs. Evaluating MDM solutions, third-party tools, and Apple's own management offerings can help you find the right balance between user experience, security, and policy enforcement on macOS devices.

I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

If the reply was helpful, please don’t forget to upvote or accept as answer.

Best regards.

Apple themselves seem to really hate AD binding macs. For me it seems like it was always a Windows shaped peg in an Apple shaped hole. Honestly, most MDM's like an Addigy, JAMF, etc. have the ability to do authenticated login against a directory service so the users can just login with their Google/Azure credentials on the mac. On top of that you can really only update Apple devices nowadays with an MDM.