
Silas1066

macrumors regular
Original poster
Nov 1, 2009
110
0
I am getting a new Mac laptop running OS X Lion and I might want to run Lion Server on it.

My company is a MS shop with AD.

I'd like to connect the system to AD but also use OD and related services on the Mac.

Can this be done? Is it horribly complicated and dangerous?
 

pismobrat

macrumors regular
Aug 13, 2007
104
0
Complicated? Depends on how you want to use it.

1) What roles do you want to run on the mac?
2) If you want to join Lion to the domain, it is a BAD idea to use it in a role where it is not consistently joined. When you get into cross-domain replication of network information, it is just bad practice to try it the way you are asking about.
3) Can I suggest that if you’re going to try any "sandbox" testing to have a separate machine?
4) Back to #1 - make sure you are not enabling any roles that would conflict with the primary DC on your network - or multiple DCs.
5) Do you do the support or do you have an IT team? Are they willing to grant you access to bind a server to the AD network? If so, and your needs are only for read access, they can set up an LDAP read-only access account.

I applaud you for looking into this, but bad things can happen if you’re not careful.
 

bartzilla

macrumors 6502a
Aug 11, 2008
540
0
What is the problem you're hoping to solve by doing this? (Seriously, knowing the answer to that will shape any in-depth answer to your question.)

It can be complicated, and certainly I'd be reluctant to do this if it was a network I was administering myself unless there was a very good reason (and just to be clear, that isn't me being on a 'sysadmin power trip'; I would be equally reluctant to do it for myself as much as anyone else).
 

Mattie Num Nums

macrumors 68030
Mar 5, 2009
2,834
0
USA
The correct questions to ask would be the following:

1.) Is it a 100% AD environment?
2.) Is OD in the environment?
3.) Do you have management software such as JAMF Casper or Centrify?
4.) Are you part of the IT department?
5.) Why do you want Lion Server?

Some answers would be:

1.) If it's 100% AD, setting up the golden triangle with AD/OD can be very complicated and require a team to manage. If you are 100% AD you can do some free Apple Schema updates available via your local Apple Enterprise Rep or invest in a system called JAMF Casper, which is amazing!!! It can use AD groups and push MCX's just like WM.

2.) If you have OD in the environment then I would talk to whoever admins the department about doing an AD/OD replication.

3.) If you have JAMF Casper you can just leverage MCX pushes and custom Extension Attributes to link to AD objects and groups. AD bindings are built into JAMF Casper.

4.) If you are NOT a part of the IT department, do not attempt to do any of this without their blessing and involvement. Setting up rogue servers is extremely dangerous.

5.) Only you can answer that!
 