Open Directory and Active Directory

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Silas1066, Aug 23, 2011.

  1. Silas1066 macrumors regular

    Nov 1, 2009
    I am getting a new Mac laptop running OSX Lion and I might want to run Lion Server on it.

    My company is a MS shop with AD.

    I'd like to connect the system to AD but also use OD and related services on the Mac.

    Can this be done? Is it horribly complicated and dangerous?
  2. pismobrat macrumors regular

    Aug 13, 2007
    Complicated? Depends on how you want to use it.

    1) What roles do you want to run on the mac?
    2) If you want to join Lion to the domain, it is a BAD idea to use it in a role where it is not consistently joined. When you get into cross domain replication of network information, it is just bad practice to try it the way you are asking about.
    3) Can I suggest that if you’re going to try any "sandbox" testing to have a separate machine?
    4) Back to #1 - make sure you are not enabling any roles that would conflict with the primary DC on your network - or multiple DC's
    5) Do you do the support or do you have an IT Team? Are they willing to grant you access to bind a server to the AD network? If so and your needs are only for Read Access, they can set up a LDAP Read only access account.

    I applaud you for looking into this, but bad things can happen if you’re not careful.
  3. bartzilla macrumors 6502a

    Aug 11, 2008
    What is the problem you're hoping to solve by doing this? (Seriously, knowing the answer to that will shape any in-depth answer to your question.)

    It can be complicated and certainly I'd be reluctant to do this if it was a network I was administering myself unless there was a very good reason (and just to be clear, that isn't me being on a 'sysadmin power trip', I would be equally reluctant to do it for myself as much as anyone else)
  4. Mattie Num Nums macrumors 68030

    Mar 5, 2009
    The correct questions to ask would be the following:

    1.) Is it a 100% AD environment
    2.) Is OD in the environment
    3.) Do you have management software such as JAMF Casper or Centrify
    4.) Are you part of the IT department
    5.) Why do you want Lion Server

    Some Answers would be:

    1.) If it's 100% AD, setting up the golden triangle with AD/OD can be very complicated and require a team to manage. If you are 100% AD you can do some free Apple Schema updates available via your local Apple Enterprise Rep or invest in a system called JAMF Casper which is amazing!!! It can use AD groups and push MCX's just like WM.

    2.) If you have OD in the environment then I would talk to whoever admins the department about doing an AD/OD replication.

    3.) If you have JAMF Casper you can just leverage MCX pushes and custom Extension Attributes to link to AD objects and groups. AD bindings are built into JAMF Casper.

    4.) If you are NOT a part of the IT department do not attempt to do any of this without their blessing and involvement. Setting up rogue servers is extremely dangerous.

    5.) Only you can answer that!
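An added check, not posted by anyone in this thread, for telling the layouts above apart on an already-bound Mac: it classifies the directory search path as AD-only, OD-only or the AD+OD "golden triangle", and lists any LDAP node the IT team did not sanction. On a real Mac the input is the output of `dscl /Search -read / CSPSearchPath`; the sample output, the CORP domain and the hostnames below are constructed.

```shell
#!/bin/sh
# Constructed sample of `dscl /Search -read / CSPSearchPath` from a Mac bound
# to both an AD domain and an OD master (hostnames are made up for the example).
SAMPLE_PATH='CSPSearchPath:
 /Local/Default
 /Active Directory/CORP/All Domains
 /LDAPv3/od.example.com
 /LDAPv3/unknown-host.example.com'

# Read search-path lines on stdin; print ad+od, ad-only, od-only or none.
classify_search_path() {
  ad=0; od=0
  while IFS= read -r node; do
    case "$node" in
      *"/Active Directory/"*) ad=1 ;;   # AD plugin node
      *"/LDAPv3/"*)           od=1 ;;   # OD (or any LDAPv3) node
    esac
  done
  if   [ "$ad" = 1 ] && [ "$od" = 1 ]; then echo "ad+od"
  elif [ "$ad" = 1 ]; then echo "ad-only"
  elif [ "$od" = 1 ]; then echo "od-only"
  else echo "none"
  fi
}

# Read search-path lines on stdin; $1 is a space-separated allowlist of
# sanctioned OD/LDAP hosts. Print every LDAPv3 host that is not on the list,
# which is how an unsanctioned directory server shows up on a client.
unexpected_ldap_nodes() {
  allow=" $1 "
  while IFS= read -r node; do
    case "$node" in
      *"/LDAPv3/"*)
        host=${node##*/LDAPv3/}
        case "$allow" in
          *" $host "*) ;;            # sanctioned host
          *) echo "$host" ;;         # not in the allowlist: investigate
        esac
        ;;
    esac
  done
}

printf '%s\n' "$SAMPLE_PATH" | classify_search_path                     # ad+od
printf '%s\n' "$SAMPLE_PATH" | unexpected_ldap_nodes "od.example.com"   # unknown-host.example.com
```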
