Tuesday, March 22, 2005


Integrating OS X with Active Directory

I was going to blog about my experiences integrating OS X 10.3 Panther with Microsoft Active Directory; however, there doesn't seem to be much point in going into details now that Tiger is just around the corner, so I will just give a quick overview.

Firstly, do not even bother trying if the Windows domain name is something like company.local. Mac OS X will get terribly confused as Rendezvous uses the .local suffix to represent resources on the same subnet, so it will not make DNS queries. There is apparently a workaround but it looked too scary for me.
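The check described above can be run before attempting a bind. The following is an added example, not part of the original post: the function names are hypothetical, the sample domains are constructed, and the SRV names are the standard records Active Directory clients use to locate domain controllers (the post itself does not list them).

```shell
#!/bin/sh
# Added example: pre-bind DNS sanity check for an Active Directory domain name.
# Function names are hypothetical; run e.g. `preflight ad.example.com` after
# loading this file into a shell.

# Lowercase the name and drop a trailing root dot ("Company.Local." -> "company.local").
normalize_domain() {
    d=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "${d%.}"
}

# Succeeds when the right-most label is "local", the suffix Rendezvous
# (multicast DNS) claims for resources on the same subnet.
uses_mdns_suffix() {
    d=$(normalize_domain "$1")
    [ "${d##*.}" = "local" ]
}

# SRV records an AD client looks up to find domain controllers and KDCs.
ad_srv_names() {
    d=$(normalize_domain "$1")
    printf '%s\n' "_ldap._tcp.$d" "_kerberos._tcp.$d" "_ldap._tcp.dc._msdcs.$d"
}

# Returns 1 for a .local domain, 2 if an SRV record does not resolve, 0 otherwise.
preflight() {
    if uses_mdns_suffix "$1"; then
        echo "WARN: $1 ends in .local; Rendezvous will claim these lookups" >&2
        return 1
    fi
    if ! command -v dig >/dev/null 2>&1; then
        echo "dig not found; check these SRV records by hand:"
        ad_srv_names "$1"
        return 0
    fi
    for name in $(ad_srv_names "$1"); do
        if [ -z "$(dig +short +time=2 +tries=1 SRV "$name")" ]; then
            echo "FAIL: no SRV answer for $name" >&2
            return 2
        fi
        echo "ok: $name"
    done
}
```

Only the right-most label is compared, so a name such as local.example.com is not flagged, while COMPANY.LOCAL. (upper case, trailing dot) is.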

Secondly, run "/Applications/Utilities/Directory Access" and select the "Active Directory" option. Configure your domain name and forest (the forest is the top level of a set of domains - if you have one domain only then enter it as the forest as well).

When you click Bind and supply appropriate credentials, a computer account is created in Active Directory, which means that there is a trust between your computer and the Active Directory domain. This means that you can log onto your OS X client using your Active Directory user name and password. Cool!

