« Calendar Stuff | Main | Microsoft Support Call »

August 21, 2007


Feed You can follow this conversation by subscribing to the comment feed for this post.

I don't know, Jason. It seems like you're on a slippery slope. Before we know it, you'll be blogging about clean lines and ease of use... celebrating Steve Jobs birthday...

You'll know I'm in trouble when I start wearing black turtle necks and refer to myself as iJason

Jason, we just migrated to Active Directory from Open Directory but still use OD for MCX/GPO's on our MAc's. I think Apple unofficially calls this the "magic triangle". We have had some pretty major problems with it. Anyway, if you have any questions I would love to help out.

Ryan - Installed it last night and started down the path of trying to figure out how to make it talk to AD ... then decided we prob should find some documentation to look over :-)
Yes, we'd love to hear your experience with this and get any tips that would be helpful. I'll shoot ya an email and try to get quick conf call setup.


Hi Jason,

We also set up the same thing here at New Life. I found some good documentation on integrating everything on afp548.com, and we've been using it with around 10 Macs for a couple of months now, to test things. So far so good, except for a couple minor issues here and there.

It's the same "Magic Triangle" setup that Ryan mentioned above. Our users log into their Macs using their Active Directory credentials, but the Macs are also bound to Open Directory, which enforces desktop policies.

Our password policies are enforced on the Macs (including prompt to change at login), and we're also using Portable Home Directories hosted on our Windows file server to backup critical user data. Entourage, VPN & our PEAP wireless network don't recognize the AD account info, so we have to manually change those passwords when the AD account password changes, but it's working pretty well so far.

I'd also be happy to chime in if anyone needs help. It was a long & frustrating experience for me because there was no really authoritative documentation on how to set it up. The afp548.com info was most helpful, and having a CTO who can hack UNIX was also beneficial. :>)


Some excellent information here especially in the comments! We only have five Macs (one is a "server", just running file sharing with a SCSI external array with standard OS X) and haven't delved into any sort of Apple server products. However, I have managed to join 10.4 machines to the domain and have done this twice, it's pretty easy in 10.4 (I'm working on a blog post about it that I might get to eventually but it's easy enough to figure out with Google).

Anyway, after seeing you post it reminded me of a short podcast episode about getting X Server to work with Active Directory over here: http://castingfromtheserverroom.com/podcast/2007/episode-62-os-x-and-active-directory It's about ten minutes long and differs from their standard format but although I had no use for it, it sounds like it could be useful to you!

Yeah.. Going through the same issues here at Kenneth Hagin Ministries. I have over 15 macs in our communications/video and then 15 in a lab. I want them to work with AD..yeah it's not been fun! I've got one Mac OS X 10.4 server. There is a church down in Ocala, FL trying to do the same.

Glad we aren't alone in this =]

I'm going to try to go to the round table event in KS. I love the internet!

Wait, you spent a grand on OS X Tiger server with Leopard server just around the corner? You're going to get a rude awakening when it's released...because Apple doesn't sell upgrades to their server packages, the new one costs the same as the old one. :(

We didn't spend a grand ... 25% discount baby!

And I've already got a quote for software maintenance to the next server OS release ... cause we knew it's coming in October via our Apple Enterprise rep :-)

The comments to this entry are closed.

My Photo


  • Jason Powell is the Information Technology Director at Granger Community Church. The views and opinions expressed here are not necessarily those of GCC ...
    or are they? Hmm???

Your email address:

Powered by FeedBlitz

Twitter Updates

    follow me on Twitter