Integrating Microsoft's AD into Apple's OD?
grag asks: "My workplace has started a migration to a unified authentication system using Microsoft's Active Directory, and Apple's Open Directory. We need to know if it is possible to place a Microsoft Active Directory server underneath a master Open Directory server in the hierarchy. The Microsoft server provides services only to our Accounting Department, and it seems to us that it should integrate to the Mac Server since all of our other departments use the Mac Server. Our network consists of fifty Macs connected to an Xserve running Mac OS X Server 10.3.6 Unlimited Client License. In addition, we have on a separate subnet five Windows boxes connected to a Microsoft Windows 2003 Server with a five-client license. Should I pursue this question or give up and place the Microsoft Server at the top of the hierarchy?"
I began to wonder if Samba integration to Open Directory was easy or not, so I looked it up - should have guessed, Samba is already built in to Open Directory!
So, if you're not using an application on the PCs that demands AD, then not using AD seems to be the answer.
However, I fear that you do really need AD, since otherwise your question is a bit pointless!
~~~~~ BigLig2? You mean there's another one of me?
I think you missed the key fact that the majority of the computers are Macs. I might have agreed that AD is more flexible if they had all Windows machines, but that's not the case. I refuse to believe that MS-AD is more flexible in a multi-OS environment than Open Directory.
[insert lame joke here]
Should I pursue this question or give up and place the Microsoft Server at the top of the hierarchy?
While interesting, I would suggest that you look at Apple-centric boards for resolution of this kind of question. How many Slashdotters know or care? Here are some examples:
- AFP 548
- OS X Enterprise
- Apple's Server mailing list; this question is right up that alley.
- X server boards on Apple's website
- Apple's PDF on Open Directory Administration.
I'm sure there's more, but those are the quick few that you could at least get better resources from if they don't directly answer your question. I won't kid you--I don't think it'll be easy. But it would be helpful to start with people that might actually know the answer, than to start with people that probably don't. You might also consider a Server Support agreement from Apple; they can help with this kind of integration. Sure, it costs; but then you didn't think that we'd do your job for you either, right? And I believe that you could get this kind of support for the cheapest plan: $5995, and even have a few more calls left over for the rest of the year.
--
$tar -xvf
1) drop Open Directory
2) drop AD, or
3) I welcome our new LDAP overlords
But unfortunately, the parent is lame for posting anonymously so flamebait he obviously is. Had he posted under an account, I would have not jumped to conclusions (damn I need to get my 'Jump to conclusions' mat back from the repair shop) that he was trolling. /end-rambling
[insert lame joke here]
I think the poster is asking if M$'s Active Directory will integrate with OS X, not if Apple can integrate with M$.
Try this resource first: http://consultants.apple.com/consultant/ It'll probably be cheaper and faster to get it right in the first place.
I've experienced this before. The reason that the accounting department is likely separate is because of the software they use. The XServe is capable of doing simple file/auth/print services, but what do you think is the backend of the accounting application? Probably MSSQL or Oracle, but likely some Windows-only database. Poster wasn't asking how to migrate everything to non wintel, but directory integration.
Now seriously, parent +5? Propose a non-ms solution get modded up.