I’m new to AD here but have been using OD on my Macs/Servers for about 4 years so I’m comfortable with that. But when it comes to AD… not so much.
I’ve been recently forced by our head office to now authenticate all workstations to AD. I have my AD controller set up and can bind to it from Windows clients and Mac Tiger and Leopard clients. My next step now is to bind my OD Master to the AD controller so I can continue to manage my Macs and use PHDs. I’ve read the various documents here, at bombich.com and at Apple, but I’ve been unable to find any definitive answers.
My questions relate to the OD > AD binding…
1. Since my OD is on Server 10.4.11 I’ll have to stop Kerberos in the Terminal using:
[code]sudo sso_util remove -k -a admin -p -r OD.MYCOMPANY.COM[/code]
Then bind the OD server to the AD controller using my special ‘bind’ account using Directory Access. And finally join the AD Kerberos realm in Terminal using:
[code]sudo dsconfigad -enablesso[/code]
Is this correct, or do I even need to stop Kerberos first and just run the command? The IT guys at my head office said all I needed to do was bind the OD server without shutting down anything or restarting anything first – this did not seem right.
2. When this is done, will this allow me to migrate my Mac users over to AD authentication at my pace without disrupting the previously OD bound and managed Mac users?
Thanks for any info you can provide. I wish I had the luxury and time to set up a test environment for this but I’m under the gun time and money wise.