OS X Server OPEN DIRECTORY v. ACTIVE DIRECTORY?

Discussion in 'Mac OS X Server, Xserve, and Networking' started by zippyfly, Sep 28, 2009.

  1. zippyfly macrumors regular

    Joined:
    Mar 22, 2008
    #1
    Hi.

    Why do I see a lot of OS X Server deployments using AD integration?

    Why wouldn't a site just get away from AD and fully use OS X Server's Open Directory spec without having dependency on an AD server?

    (I see many of these sites use Mac OS X as a primary client and just a few Windows clients, not the other way around).

    Just curious what the "advantages" are, aside from perhaps inertia from a previous Windows topology.

    Thanks.
     
  2. JGruber macrumors 6502

    Joined:
    Feb 13, 2006
    #2
    In short, Macs can join an OD or AD domain. Windows can't join an OD domain (that I'm aware of).

    You would need to know more about the network config. Maybe they use the AD server for DNS and DHCP. There are many reasons.
     
  3. foshizzle macrumors regular

    Joined:
    Oct 17, 2007
    #3
    I cannot say from firsthand experience, but I believe this is false. Both can connect to the other. OD is just OpenLDAP, and AD is Microsoft's proprietary version of LDAP.
     
  4. Nermal Moderator

    Nermal

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
  5. zippyfly thread starter macrumors regular

    Joined:
    Mar 22, 2008
    #5
    Hi guys - thanks for your inputs; as to the AD server doing DNS and DHCP, why wouldn't a site just migrate completely to OS X Server?

    It seems puzzling to me that when the bulk of computing is done on Macs, there's really not much need to have Microsoft servers on the backend.

    I guess what I am asking is, in other words, what can a Microsoft server do that OS X Server can't (especially when the clients are mostly Macs)?
     
  6. Metatron macrumors 6502

    Metatron

    Joined:
    Jul 2, 2002
    #6
    Open Directory in an enterprise environment is no replacement for Active Directory unless you are a Mac-only house.

    Both offer great benefits for managing their respective platforms. AD has more platform-specific options, but the only logical reason I can see a Mac shop using AD is for Exchange.
     
  7. JGruber macrumors 6502

    Joined:
    Feb 13, 2006
    #7
    Thanks for that info... never knew that!

    In my little server world, we use both servers, that handle each client base. Of course my Windows network consists of 1300 PCs, 8 servers. Macs are only 50 with 2 servers.
     
  8. RedTomato macrumors 68040

    RedTomato

    Joined:
    Mar 4, 2005
    Location:
    .. London ..
    #8
    I have more experience with Windows servers than OSX Server, but my impression is that like it or not, Windows offers more back-office and enterprise level applications / functions / utilities than OSX.

    I am sure someone here will correct me soon.
     
  9. calderone macrumors 68040

    calderone

    Joined:
    Aug 28, 2009
    Location:
    Seattle
    #9
    For example?
     
  10. nefan65 macrumors 65816

    nefan65

    Joined:
    Apr 15, 2009
    #10
    The only "Back Office" integration I'm aware of with a Windows Environment is the integration with specific MS products. Granted, there are some that are non-MS, and integrate okay. But if you look at Exchange as an example; the integration is that the user in AD can be associated with a Mailbox on Exchange. They'll also authenticate to the network/Exchange with said account.

    But the same can be said for non-AD environments, and using OSX, or any other LDAP network. A good example of that is Novell, and their LDAP and GroupWise. Or a Linux LDAP deployment, and say an open-source mail product.

    I think the biggest reason for AD is that they have the market share at the moment. More businesses use AD vs. others. That doesn't mean it's better, just that there's more out there, and more to support it. I happen to think the integration of OSX LDAP and Linux is FAR superior to AD, personally. I support AD, and it's far too complex, and doesn't need to be. The tools for all their products are also fragmented greatly. Especially with Exchange 2007, and some of the newer BO products, and Windows 2003. Upgrading to the next version of Windows Server [2008] required updating schema objects, etc. Whereas with OpenLDAP you upgrade, and move on. Everything stays as it should...

    My 2 cents.
     
  11. foidulus macrumors 6502a

    Joined:
    Jan 15, 2007
    #11
    Yes and no, what actually happens is that Apple did a lot of the legwork in integrating the LDAP (OD) database into the Samba database. Windows is really connecting to the Samba, not the OD, but for the most part that's pretty much invisible to the user.
     
  12. bartzilla macrumors 6502a

    Joined:
    Aug 11, 2008
    #12
    Possibly the sysadmin has worked with Mac OSX server before and therefore knows what a bad idea that is.

    While there are some great parts to Mac OSX server, OD, etc, it's by no means as mature and comprehensive as the alternatives, yes including Windows Server/AD.
     
  13. RedTomato macrumors 68040

    RedTomato

    Joined:
    Mar 4, 2005
    Location:
    .. London ..
    #13
    Agree. I would love it if the Windows Server systems I work with were more like OSX, and while I happily use my MacBook to fix network issues, the fact remains that server deployments of 1000+ Macs are extremely rare. I know of Apple itself, and a few universities, and that's it. I'm sure there are a few more but not many.

    Whereas with Windows and the various UNIX flavours, enterprise / multi-national level deployments are extremely common, so the code's been tested a lot, there are many experts, gurus, consultancies and guides out there, the code's battle tested (irrespective of whether it's actually any good or not).

    I'd probably go for OSX server for a small company, just to see what it was like, and I'm sure it'd work well but I don't know about larger companies.
     
  14. JGruber macrumors 6502

    Joined:
    Feb 13, 2006
    #14
    At my school, we actually use both.

    We have all of our staff computers, and student computers on a Windows/AD network, and we are talking about 1300+ PCs, and 8 Servers.

    We also have a Mac lab, with 50 iMacs, and 3 OS X Servers.

    Of course our Windows network handles all the DNS/DHCP services for all computers connected to our network, PCs and Macs. Our Mac servers handle all the login and file sharing for all the Macs on campus.

    Working in a mixed mode network has its problems, but for the 4+ years we have had our Mac lab up and running, we have had few problems.

    I guess the thing to do is find out what works for you. Some people are just die-hard Windows for AD, and some are not.
     
  15. Les Kern macrumors 68040

    Les Kern

    Joined:
    Apr 26, 2002
    Location:
    Alabama
    #15
    Nah,
    I have 1,200 Macs on two campuses, 25 PCs and 27 XServes using Open Directory and 4 PC servers. The only issues I have at ALL are some HP POE-AP units making logins slow (but that's solved now).
    Also, most every school in this area are Mac but for one or two districts. One went with Citrix so you know that there isn't a whole lot of creative work going on there. South of me there's one with 1,000, and my hometown district has about 1,000 total. Heck, it's a no-brainer... TCO analysis from a capable brain demands Macs.
    I had an AD server for 25 PCs and it took more time and resources to tweak that than the Mac setup combined.
    As for "Windows offers more back-office and enterprise level applications / functions / utilities than OSX" I can't totally disagree with that. What I DID see was 1,219,990 different settings that could be done on the WIN box, of which any normal person might use a few dozen. I'm not in this to impress with my director skills... we need computers to work, work all the time, remain secure, and not impede creativity. And that's exactly what AD doesn't do. That AD box now serves up Anti-Virus Enterprise for my handful of HP desktops.
     
  16. DeepIn2U macrumors 68040

    DeepIn2U

    Joined:
    May 30, 2002
    Location:
    Toronto, Ontario, Canada
    #16
    What about scalability over a global domain? It's very complex but over larger and multiple forests it seems to do very well. Still have to learn a lot though.

    To the thread starter, where, as in what business, are you seeing this primary server setup?


     
  17. zippyfly thread starter macrumors regular

    Joined:
    Mar 22, 2008
    #17
    Hi there - I see this for an academic network of K-12 schools. Multiple campuses.
     
  18. bartzilla macrumors 6502a

    Joined:
    Aug 11, 2008
    #18

    I had an AD server for 25 PCs and it took more time and resources to tweak that than the Mac setup combined.

    Without wishing to be rude, AD doesn't cause me or anyone else I know that much trouble, neither does OD. Your problems with AD - could it simply be that you're not very familiar with it?
     
  19. Les Kern macrumors 68040

    Les Kern

    Joined:
    Apr 26, 2002
    Location:
    Alabama
    #19


    I can agree to that... there was some time spent learning the GUI and truth be told I am no AD expert! But one HAS to admit it's perhaps the least intuitive interface in history. Here's one example, and please tell me if I missed something: On OD if I want to have an icon on the desktop, a link to a server on the Dock or an application icon placed somewhere else, it was literally one mouse click to accomplish this. On AD there is no one-click solution? To me it's the TIME... I have little, and I hate bloat-ware.
     
  20. bartzilla macrumors 6502a

    Joined:
    Aug 11, 2008
    #20
    Hmmm.. And how many mouse clicks did it take you to get to the "one mouse click" in OD? This is the familiarity issue right here isn't it? You have to authenticate to OD, open the group of machines or users whose dock preferences you want to tweak - bit more than one click methinks.

    Having said that...
    AD isn't the easiest thing in the world to get to grips with. I think it's far more powerful than OD but it is also considerably more work. To install an app, for example, you just publish its installer to the machines or users you want to have it, and it will take care of placing the shortcuts as part of the install. Not exactly one click... but not really that difficult once you know AD...

    I think in both cases you have to understand the philosophy of the product as well as having knowledge of the interface before you can even hope to make sense of what is going on. I've seen a lot of Windows admins come unstuck on a Mac (and a few going the other way), not because they can't understand the interface (we can all read & use help/google, right?) but because they don't take the time to understand the underlying approach behind the tool.

    I think knowing both makes you a better sysadmin too (which is why I made the effort to learn about Apple stuff coming from a Microsoft background as I did). On the server part of my ACSA courses I was talking to the instructor about something he thought was a big problem with OD, and which I hadn't realised was a problem at all because the solution had been carefully documented and planned and I had carried it out dozens of times when the exact same issue occurred in Windows AD & NT4 domains. I honestly thought he was going to break down and cry when I explained the solution and how easy it was...
     
