AD/OD Integration White Paper Question

  • #366609
    Anonymous
    Guest

    I have just started reading through the "AD/OD Integration" whitepaper provided by Joel Rennich on this site and so far find it to be concise and well written. However, I do have a question. Unless I am missing something, there seems to be a conflicting statement made on page 5, paragraphs 4 and 5. Although Joel never states that an OD Master ever gets bound to AD (at least at this stage), he seems to suggest it when he writes "One server is installed as an Open Directory master. Under 10.3 this server was best if it was not joined to the Active Directory domain. However, starting with OS X Server X you should have no issues joining the server to AD after making it an OS Master…"

    and then later writes (in paragraph 5)…

    "Since your OD Master won’t be bound to AD, and thus can’t see the AD users itself, you will need to designate a client workstation as the 'admin' workstation…"

    So my question is this: does the OD Master get bound to the AD domain or not? My understanding is that it does not. If not, why was that statement made in paragraph 4?

    Thanks.

    Jeff Yana

    #366612
    Ross
    Participant

    It depends… If you're just managing via computer lists, there is no need. But if you're managing via OD groups with AD users, or have shares on your master that AD users/groups will need to access, you will need to.

    #366616
    Anonymous
    Guest

    Quote by: Ross

    "It depends… If you're just managing via computer lists, there is no need. But if you're managing via OD groups with AD users, or have shares on your master that AD users/groups will need to access, you will need to."

    I see. So this means that OS X Tiger Server is now doing proxy authentication to AD for authenticating clients, and that I can create my OD groups from the OD Master, without the need to set up an admin workstation bound to both domains?

    Jeff Yana

    #366620
    Ross
    Participant

    There are many ways to do an AD integration, and it all depends on your needs. For instance, if you just want to manage preferences via computer lists and your homes are on your AD server, you just bind your clients to both your AD and OD server and use computer lists to manage prefs. In this case you don’t need to bind the Tiger server to AD.

    If you're hosting home directories or shares on your OD server, you want to bind the Tiger server to AD. On the client end, bind them to both AD and OD; this will allow the client to log in as AD or OD users. But you could just bind the client to just OD in this case.

    You can also just bind a client to both OD and AD, log in with WGM (on that client), and drag the AD users over to OD groups. In this case you don’t need to bind the server, but I would only do it this way for managing group preferences. For any shares or homes on the Tiger server, I would bind the Tiger server to AD.
