UsMan's WoRkSpAce

Friday, October 03, 2008

Bringing Mac OS X to a Windows environment

* Apple has an Active Directory (AD) plug-in to integrate Mac OS X into a Windows AD environment. The plug-in lets Mac OS X clients authenticate against an AD server by binding to it with Directory Utility, and lets Mac OS X Server share folders and host user home directories over the SMB or AFP protocols. AD password policies are enforced on Mac OS X clients. Single sign-on through Kerberos is also supported. The plug-in is site-aware and connects to the right site domain controller (DC), which it obtains from the global catalog server. The plug-in has been successfully tested with Windows 2003 R2 in both native and mixed modes. It supports Kerberos, LDAP, Kerberos password change (port 464) and global catalog (port 3268) protocols, as well as AD-related DNS records (SRV etc.).

* DFS shares and GPO settings are not supported by the plug-in. A third-party solution from Centrify or Thursby enables support on Mac OS X. Similarly, Mac OS X managed preferences are not supported by the plug-in, meaning they cannot be stored in AD without a schema extension or third-party tools. Another option is to use Apple's Open Directory (OD) to store managed preferences while retaining AD for authentication.

* Mac OS X provides command-line utilities such as dsconfigad and dscl, and graphical utilities such as Kerberos and Directory Utility, to support Windows AD integration.
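
A preflight check for the DNS SRV records behind the protocols listed in the first bullet, as an added example that is not part of the original post. The domain `example.com` and host `dc1.example.com` are constructed; ports 88 and 389 are the standard Kerberos and LDAP ports (the post names only 464 and 3268), and the `_gc` lookup assumes the domain is also the forest root.

```shell
#!/bin/sh
# Added example: verify that the AD SRV records a bind depends on are published.
# example.com / dc1.example.com are constructed placeholders, not from the post.

# Print "srv-name expected-port" for each service the plug-in relies on.
ad_srv_names() {
    printf '%s %s\n' \
        "_ldap._tcp.dc._msdcs.$1" 389 \
        "_kerberos._tcp.$1" 88 \
        "_kpasswd._tcp.$1" 464 \
        "_gc._tcp.$1" 3268
}

# Read `dig +short` SRV answers ("priority weight port target") on stdin;
# succeed only if at least one record advertises the expected port.
srv_has_port() {
    awk -v want="$1" '
        NF == 4 && $3 == want { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Resolvers: dig_srv queries live DNS, sample_srv returns constructed answers.
dig_srv() { dig +short "$1" SRV; }
sample_srv() {
    case $1 in
        _ldap._tcp.dc._msdcs.*) echo "0 100 389 dc1.example.com." ;;
        _kerberos._tcp.*)       echo "0 100 88 dc1.example.com." ;;
        _kpasswd._tcp.*)        echo "0 100 464 dc1.example.com." ;;
        _gc._tcp.*)             echo "0 100 3268 dc1.example.com." ;;
    esac
}

# check_ad_dns DOMAIN RESOLVER: report each record, return 1 if any is missing.
check_ad_dns() {
    domain=$1; resolver=$2; status=0
    for pair in $(ad_srv_names "$domain" | tr ' ' ':'); do
        name=${pair%:*}; port=${pair#*:}
        if "$resolver" "$name" | srv_has_port "$port"; then
            echo "ok $name port $port"
        else
            echo "MISSING $name (expected port $port)"
            status=1
        fi
    done
    return $status
}

check_ad_dns example.com sample_srv
```

On a client about to be bound, run `check_ad_dns <your-domain> dig_srv` instead; a MISSING line points at a DNS or firewall gap to fix before binding.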
