REDELIJKHEID
The Microsoft Active Directory is a place where you can find different kind of objects;
One thing you don't find are generic devices. And with devices I mean devices according to the LDAP definition (ObjectClass: device).
Network Access Control (NAC) is hot in Enterprise environments. NAC offers an excellent mechanism to (safely) allow various devices network connectivity and staying in control as a network administrator. There are numerous ways to allow iOS devices, BYOD, CYOD, Corporate laptops onto your network without compromising valuable corporate resources.
In my line of work I deal with several vendors / solutions to create these NAC protected environments. The most popular at the moment are;
Both solutions have their pro's and cons. Juniper has an excellent client for the desktop to safely connect to the network, and an integration with their SRX firewalls to (dynamically) enforce firewall policies on a per user basis. Cisco on the other hand has a more flexible way of creating access policies, and the use of so-called downloadable Access Lists (dACL).