"We've realized an array of efficiency gains: a simpler infrastructure and administration, streamlined training and reduced help desk calls. We now have better control of our Mac desktops without limiting the users' ability to do what they need to do.
"Centrify DirectControl helped simplify a directory migration challenge, and it continues to deliver benefits in efficiency and security."
Brent Register
Manager Client-Server Engineering,
The Atlanta Journal-Constitution
The Atlanta Journal-Constitution (AJC) is the only major daily newspaper serving metropolitan Atlanta. The AJC, with a 73-county market area and the 16th largest distribution in the U.S., creates and delivers an enormous volume of content for its subscribers through its print and online publications. It operates the number-one local Web site in the Atlanta metropolitan area.
With nearly 1,000 Macs and more than 1,000 Windows systems, the AJC leverages the strengths of both platforms to prepare and present the news.
Challenges
Solution
Results
The AJC chose to shift its Active Directory to a new domain in order to streamline integration with its parent company. This broad centralization of directory services in Active Directory added impetus to an ongoing review of the company's overall directory organization. At the time, the AJC's Macs were using Apple's Open Directory, while PCs were using Microsoft Active Directory. This split increased overhead in several ways. It required two separate infrastructures, with separate servers and backups, to support the separate directory services, and it increased administrative tasks by requiring parallel teams to manage and coordinate the separate approaches.
The transition to the new domain introduced other challenges. First, preserving parallel directories was not an option, nor was getting rid of the Macs. Second, when integrating the Macs into Active Directory, AJC managers wanted to synchronize home directories for the company's mobile users.
In addition, the Macs were not constrained by the same policies that the Windows systems were. Mac users inadvertently downloaded software, reconfigured their systems in unexpected ways and manipulated features, all of which resulted in increased help desk trouble tickets. A disproportionate amount of help desk time was spent assisting users with configuration and policy-compliance issues, as well as helping users maintain separate passwords.
The AJC IT project team, led by Brent Register, Manager of Client-Server Engineering, saw the domain change as an opportunity to bring the company's Macs into Active Directory. They looked at Apple's Active Directory client and Centrify DirectControl for Mac OS X to consolidate the Macs into Active Directory. Centrify DirectControl was appealing for several reasons. It enabled the complete integration of the Mac into Active Directory, and they could use the same administrative utilities to manage Macs as they did the Windows systems. DirectControl did not require any changes to the Active Directory schema, which reassured Active Directory administrators. And DirectControl's support for Group Policy enabled the AJC to use the familiar Windows utilities to assert the same level of configuration and strong password policy control over the Macs that they had over the PCs.
The installation process went smoothly. Each Mac joined the Active Directory domain, and the users were immediately able to use their Active Directory credentials to access services. Using Group Policy, the Client-Server team enforces a default configuration for Mac users, preventing them from installing unauthorized software or changing their network configuration.
By tying their Macs to Active Directory, The Atlanta Journal-Constitution has made significant gains in several areas. The company has simplified the administrative tasks of providing authentication and access control. It doesn't need to maintain parallel expertise in Open Directory administration. Because DirectControl lets the IT department control access to software installation and update options, the help desk receives fewer calls related to unexpected configurations on Macs. The company has been able to leverage administrators' expertise more appropriately, and the DirectControl Zone capability enables delegated administration to groups of Macs while providing more granular access control.
By using Group Policy, the AJC is able to enforce simultaneous and uniform policies across all managed systems. The company is currently running policies for synchronizing documents, activating a password on screen saver time-out, and enforcing strong log-on password standards. Using the Group Policy capabilities, nearly every user's Desktop, Documents, Library and any files in the root of the home folder are synchronized with a local server at log-on, log-out, and at 45-minute intervals in the background.
AJC users are also seeing benefits: they are no longer dealing with the unintended consequences of downloads and configuration adjustments; behind-the-scenes home directory synchronization has been streamlined courtesy of DirectControl; and the company is closer to its goal of providing a single sign-on for all users.