Active Directory Plug-in Tips

Some tips and information on the AD plugin.

Read on for some ideas about setting up home directories and links to other resources.

When you have to setup Open Directory to connect to an Active Directory Domain Controller, you can use the Active Directory Plug-in to bind to Active Directory and have items propagate from Active Directory to Open Directory.  The Active Directory Plug-in is actually a front end GUI application for the binary dsconfigad.  Keeping this in mind, if you cannot bind to Active Directory using the GUI, try using dsconfigad.

When using the Active Directory Plug-in, you will see four items that may seem foreign to you if you have not worked with Active Directory before.  These items are: Active Directory Forest, Active Directory Domain, “Use UNC path from Active Directory to derive network home location”, and “Network protocol to be used:”.

When attempting to bind to Active Directory, you will need to determine what the Forest and the Domain name are that you are trying to bind to.  All Windows Active Directory setups include at least one domain and one forest.  A basic Active Directory setup will have the same name for the domain and forest.

In a basic Active Directory setup, the domain will match the forest because the domain is a member of that forest.  With a Windows server, when you create the first domain controller and give that domain a name, the forest will also take on that same name.  Now, that is not to say that you cannot have different domains in the same forest; you can, in which case you leave the forest the same, but change the domain.  Remember that all domains belong to a forest, and multiple domains can belong to a single forest.

When using the “Use UNC path from Active Directory to derive network home location”, this will allow you to use the Active Directory home directory – which would be the directory specified under Active Directory Users and Computers for any user.  A UNC is a Universal Naming Convention and is used for mapping drives within the Windows Operating System.  An example of this is \servershare.  By default, a home directory is not created but it is best practice to do so in a Windows environment to ensure that the users' data is stored on the server for centralization of sharing, permissions, and auditing.  The option offered here will allow you to keep that structure in the Apple environment as well, allowing for Active Directory planned structures to be preserved (including mapped home directories that have been established in Active Directory).

For the option “Network protocol to be used:”, you can choose one of two protocols from the drop down menu: SMB or AFP.  This determines how a home directory is mounted on the desktop, and by default SMB would be used (which is usually what you will want to choose).  SMB is an acronym for Server Message Block.  This is the application level based protocol used by Windows to communicate with other Windows computers when accessing shares (this includes printers, files, and serial ports).  Unix variants can communicate using this same protocol with Samba.  The SMB option here will allow Apple workstations to communicate with the Windows server using the native protocol that Windows uses to communicate with it's files and directories.

More information can be found here:

Setting up home folders in Windows Server 2003: 

http://support.microsoft.com/kb/816313

Basic information on Forests and Domains for Windows Server 2000:

http://www.microsoft.com/windows/windows2000/en/advanced/help/sag_adintroTreesForests.htm

Managing Active Directory for Windows Server 2003:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/admng.mspx

How Domain and Forest Trusts Work for Windows Server 2003:

http://technet2.microsoft.com/WindowsServer/en/library/f5c70774-25cd-4481-8b7a-3d65c86e69b11033.mspx?mfr=true

Directory Access 1.5 Help: Learning About the Active Directory Plug-in

http://docs.info.apple.com/article.html?artnum=151443

djimenez

More Posts