Publishers of technology books, eBooks, and videos for creative people

Home > Articles > Apple > Operating Systems

  • Print
  • + Share This
Like this article? We recommend

Active Directory Improvements

Several changes have been made to Open Directory’s ability to integrate with Active Directory, both at the server and local levels.

Perhaps the biggest change is that Mac OS X now fully supports packet signing, meaning that Active Directory domains no longer need to have their security levels lowered to support Mac clients.

Also on the local level, Leopard has updated support for Active Directory sites and domain controller selection that function more like Windows clients than previous versions of Mac OS X, making such operations more predictable for Active Directory administrators trying to plan the most efficient configuration possible.

While the updates on the local level make supporting Mac OS X clients in an Active Directory environment much easier, the improvements to Open Directory under Leopard Server significantly improve the experience of creating an integrated environment with both server platforms.

One improvement is the ability for cross-domain authorization (which has been supported by Kerberos but previously not implemented in Open Directory), which allows for greater flexibility in configuring access to resources for users in different directory services domains (including Open Directory and Active Directory).

Another new technology is the use of augmented users or augmented records, which represent a new approach to integration in which Macs are joined to an Active Directory domain via an Open Directory server (also joined to Active Directory).

Most notably used in Leopard Server’s new Workgroup mode, augmented users are user accounts that exist in an existing directory services infrastructure (such as Active Directory) to which an Open Directory server is bound.

Authentication of the users continues to be performed using the larger directory system with no schema changes. However, because individual Macs are bound to the Open Directory domain and the user records in the larger infrastructure can be augmented to support Open Directory attributes, such as those used for Leopard Server’s collaborative tools and client management.

  • + Share This
  • 🔖 Save To Your Account