Integrating Mac OS X Server 10.5 Open Directory with Active Directory
Integrating Active Directory into Open Directory is now so easy you could probably do it in the blink of an eye (well, that may be an exaggerated statement, but you could probably do it in under 5 minutes).
In 10.4 and older Mac OS X releases, Active Directory integration was horrific most of the time. The last 10.4.11 server that I tried to join to Active Directory (just join, not even integrate) failed to log in ever again. I’m sure that I could have troubleshot the problem and fixed it, but it was easier for me to just upgrade the server to 10.5.
This time around, Apple has made a conscious effort to keep things simple. Granted, all of the same processes that happened manually before still happen in the background, but at least now they happen in a supported and automated fashion. Below is the new process for AD-OD integration, assuming that you have a fresh install of 10.5 Server in advanced mode (or freshly demoted to OD Standalone) and a healthy DNS configuration:
- Make sure your server is an OD Standalone Server.
- Open the Directory Utility and join the Active Directory (use the FQDN of your AD domain).
- Open Server Admin and promote your server to an OD Master.
- …oops… there is no step 4?!?!?
That’s right ;) , only 3 steps. You will now notice that under the OD overview your server says that Kerberos is stopped, and if you investigate further you will be able to see that your server is now properly joined to the AD Kerberos REALM and that all services have been “kerberized” via dsconfigad, which was silently run in the background.
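The "healthy DNS configuration" prerequisite can be checked from Terminal before step 1. The script below is an added example, not part of the original post or any Apple tool; it assumes "healthy" means the AD domain publishes its LDAP and Kerberos SRV records and the server's own name resolves forward and reverse to the same value. The function names and the `example.com` names are placeholders.

```shell
#!/bin/sh
# Added example: DNS pre-flight to run before binding to AD and promoting to OD Master.
# Lookups are wrapped in small functions so they can be replaced with canned data.
lookup_srv() { dig +short SRV "$1"; }
lookup_a()   { dig +short A "$1"; }
lookup_ptr() { dig +short -x "$1"; }

# Lowercase and drop the trailing dot so DNS names compare equal.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# dns_preflight AD_DOMAIN SERVER_FQDN
# Prints one line per check; returns 0 only if every check passes.
dns_preflight() {
    domain=$1 fqdn=$2 rc=0

    # Active Directory publishes its LDAP and Kerberos services as SRV records.
    for svc in _ldap._tcp _kerberos._tcp; do
        if [ -n "$(lookup_srv "$svc.$domain")" ]; then
            echo "ok   SRV $svc.$domain"
        else
            echo "FAIL SRV $svc.$domain not found"; rc=1
        fi
    done

    # The server's own name must resolve, and that address must map back
    # to the same name (Kerberos service principals are built from it).
    ip=$(lookup_a "$fqdn" | head -n 1)
    if [ -z "$ip" ]; then
        echo "FAIL A $fqdn does not resolve"; return 1
    fi
    ptr=$(lookup_ptr "$ip" | head -n 1)
    if [ "$(norm "$ptr")" = "$(norm "$fqdn")" ]; then
        echo "ok   $fqdn <-> $ip"
    else
        echo "FAIL $ip reverses to '${ptr:-nothing}', expected $fqdn"; rc=1
    fi
    return $rc
}

# Run only when called with both arguments (placeholder names), e.g.
#   sh dns_preflight.sh ad.example.com odserver.ad.example.com
if [ "$#" -ge 2 ]; then dns_preflight "$1" "$2"; fi
```

A failing line means the join or the later Kerberos setup is likely to misbehave, so fix DNS before opening Directory Utility.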
You can also refer