Mac OS X Server as a front-end to AD

In trying to resolve an AD CPU usage problem (see my other post today), the question was asked of me whether it is possible for AD to supply user/authentication info to OSXServer, and for OSX clients to auth against OSXServer, instead of against AD. So, use the AD plug-in in OSX/OSXS 10.3.x to bind only our Xserves to the AD domain, and for clients to be bound only to OSXS through Open Directory/LDAP. I have had it working okay with the clients both to both AD and OD, obtaining user data from AD and Mac-specific info from OD. And I don't see a problem in binding OSXS to AD. The problem is -- can OD "re-publish" AD user information to OSX clients. Can OSXS make AD users visible to OSX via OD/LDAP, without OSX accessing AD directly? Client <-----> OSXS <----> AD I didn't think that OSXS could make a network directory source available as its own network-visible directory source; that you can use a network data source on OSXS as if they were local accounts, but not as if they were OSXS network accounts. [/list]