Integrating OS X Server into an AD Environment

Server Setup

Install Leopard Server in Advanced Mode as a Standalone Server.

Server Admin: Add wanted services, configure, and start them (specifically SMB)

Directory Utility: Bind to Domain

  • Add the AD domain under the Directory Servers tab/icon; the binding to AD then happens automatically under the Services icon/tab.
  • Advanced options: enable "Use UNC path from Active Directory to derive network home location", with SMB as the protocol.
  • Default user shell: /bin/bash

Server Admin:

  • Enable Open Directory
  • Change settings of Open Directory: Promote the server to an OD Master.

Directory Utility: set the proper search order

  • Search Policy: drag AD above the local LDAPv3 (Open Directory) node. You can do the same for the Contacts search order.

:: Adding management functions in OD to work with the AD groups ::

Open WGM (WorkGroup Manager) and login as the Directory Administrator (diradmin)

  • Create a new group and call it OD_Managed or similar (e.g., school_staff, school_students).
  • Add new members: in the sidebar, switch the directory to AD and
    then click the Groups icon. Drag the appropriate AD container to the
    Members window.
  • Set preferences for the group

Using MS ADUC, set the users' home directories. Note that you can
set up and turn on SMB on the OS X Server and point the users' home
directories (via their AD account properties) to the Leopard server's SMB share.

What you end up with is AD accounts mapped to their home directories, with MCX policy enforced through the OD group.

Client setup

...coming soon…

Manual bind on client: using Directory Utility, bind to the new OD
Master server, then bind to AD. Place AD above OD in the search order.
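The search order set on the server (AD above the local LDAPv3 node) and on the client (AD above the OD master) is what makes the triangle resolve users correctly, so it is worth checking from the command line before the test login. The script below is an added example, not part of the original page: it parses the output of `dscl /Search -read / CSPSearchPath` and fails when the Active Directory node is missing or listed after the LDAPv3 node. The two samples, the EXAMPLE domain and the odmaster.example.com hostname are constructed placeholders so the check runs offline.

```shell
#!/bin/sh
# Added example (not from the original page): confirm the directory search
# policy lists the Active Directory node before the LDAPv3 node, as this
# how-to requires. On the server the LDAPv3 node is /LDAPv3/127.0.0.1; on a
# bound client it is /LDAPv3/<od-master-hostname>. Real input comes from:
#   dscl /Search -read / CSPSearchPath
# The samples below are constructed; EXAMPLE and odmaster.example.com are
# placeholders, not values from the page.

# Correct order on the OD master: AD listed before the local LDAPv3 node.
SAMPLE_SERVER_OK='CSPSearchPath:
 /Local/Default
 /BSD/local
 /Active Directory/EXAMPLE/All Domains
 /LDAPv3/127.0.0.1'

# Wrong order on a client: the OD master is consulted before AD, so a short
# name that exists in both directories resolves against OD first.
SAMPLE_CLIENT_BAD='CSPSearchPath:
 /Local/Default
 /BSD/local
 /LDAPv3/odmaster.example.com
 /Active Directory/EXAMPLE/All Domains'

# check_search_order "<dscl output>": succeed (0) only when both nodes are
# present and the Active Directory node appears first.
check_search_order() {
  ad_line=$(printf '%s\n' "$1" | grep -n '^ */Active Directory/' | head -n 1 | cut -d: -f1)
  ldap_line=$(printf '%s\n' "$1" | grep -n '^ */LDAPv3/' | head -n 1 | cut -d: -f1)
  [ -n "$ad_line" ] && [ -n "$ldap_line" ] && [ "$ad_line" -lt "$ldap_line" ]
}

# report "<label>" "<dscl output>": one-line verdict for the admin.
report() {
  if check_search_order "$2"; then
    echo "$1: OK (Active Directory is above the LDAPv3 node)"
  else
    echo "$1: FIX NEEDED (drag Active Directory above the LDAPv3 node in Directory Utility)"
  fi
}

report "server sample" "$SAMPLE_SERVER_OK"
report "client sample" "$SAMPLE_CLIENT_BAD"
```

On a real machine replace the samples with `"$(dscl /Search -read / CSPSearchPath)"` and run it on both the OD master and a bound client.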

Log in as a test user.