Active Directory / Open Directory Questionnaire

Chad Nielsen

This is a running list of questions to keep in mind when gathering information about Active Directory and Open Directory integration and deployment. It is unlikely you will need to gather all of this information unless you are implementing a 'magic triangle' solution. If Active Directory, Open Directory and DNS are functioning well on an existing network, the Directory Utility plugins will be able to query and retrieve much of this information automatically.

 

Servers

What type of Active Directory server are you running (Win2k, 2k3, 2k7, 2k10)?

What is the IP of your Active Directory server?

What is the FQDN of your Active Directory server?

 

What type of Open Directory server are you running (Mac OS X Server 10.4, 10.5, 10.6)?

What is the IP of your Open Directory server?

What is the FQDN of your Open Directory server?

 

What are the IP addresses of your primary, secondary and tertiary DNS servers?

What is the IP address of your Network Time Server (NTS)?

 

Active Directory

What is the Active Directory Administrator username and password?

What is the name of the Active Directory forest?

What are the names of the Active Directory domains?

What format of Computer ID is expected on the network?

What is the custom search base?

 

Open Directory

What is the Open Directory Administrator username and password?

What is the IP of your Open Directory server?

What is the FQDN of your Open Directory server?

What format of Computer ID is expected on the network?

What is the custom search base?

 

Homes

What type of home folder will be implemented?

 

Local Home

This is the default when binding to AD or OD. Supports authentication and password policy.

 

Network Home

Supports authentication and password policy, increases network traffic, allows a size limit on the home folder, and can be served using AFP or SMB. This type of home folder is considered antiquated and is discouraged.

 

Portable Home

This is a new standard and requires Supports authentication and password policy. The home is both local and network-based, and you can configure the sync between the two. This is particularly effective for notebook users, as their user can be restored to a new laptop simply by logging into it. The syncing is far from perfect, and the user will have to be aware of how to manage sync conflicts.

 

MCX

MCX stands for Managed Client for OS X. It is a set of managed preferences that corresponds to Group Policy Objects (GPO) in Windows. If you wish to manage your Macs using an Open Directory or Active Directory server, you must be aware of the limitations of your deployment strategy.

 

Active Directory server and Mac OS X Clients

If a Mac client is bound (or joined) to an Active Directory server, it will have native support for authentication, password policy and all three types of home folders. If you want to be able to manage preferences on a Mac client, you must either extend the Active Directory schema or implement third-party apps such as Centrify, ADmitMac and Likewise.

 

Open Directory server and Mac OS X Clients

If a Mac client is bound to an Open Directory server, it has native support for authentication, password policy, all three types of home folders and all managed preferences.

 

Active Directory server, Open Directory Server and Mac OS X Clients (Magic Triangle)

In this scenario the Mac client is bound to both the Active Directory server and the Open Directory server. It receives authentication and password policy from the Active Directory server and managed preferences from the Open Directory server. In this case the type of home folder can be managed by either server.

 

Last Modified by Chad Nielsen on November 1st, 2010
