Active Directory? Can't get it to work.

It is possible to run your AD server as a VM on your Mac server as long as you are using a discrete IP address for the VM. This is a precarious setup however. If you are using Parallels desktop or VMWare you are using client based tools and you will have procedural startup issues.

Consider this. In a dual directory model (AD is the master directory and OD is the subordinate), you are 100% dependent on the function and existence of the AD domain and its services. This, most importantly, includes DNS usually published from the AD controller and time. So now you have the chick/egg conundrum. If you reboot the Mac server, OD will start first but will fail to find the AD domain because it has not started yet. To start the AD domain, you will need to (1) Login to the Mac server, (2) launch the VM tool, (3) launch the Windows VM, (4) restart OD and likely all of your services to ensure that they "see" the AD domain.

This is a very manual process and one that is ripe for conditional failures.

Running Windows in a VM is great for a lab device or for testing. But running an AD domain controller in a desktop VM for production I envision being a real headache to manage. If you are going to do this, you probably should be looking at Parallels Server or another product that can be daemonized to allow for automatic start of the VMs. However, even with this, the Mac services will start first and fail to acquire the domain.

Test this before rushing into production.

Hi

"Is the Golden Triangle achievable on a single MacMini running OS X Server and Windows Server in Parallels Desktop simultaneously?"

I did this a few years ago on a MacBook Pro using VirtualBox (which is free) as an experiment. It worked well enough although login was unpredictable at times and this was on a network consisting only of a handful of users - 3 macs, 3 PCs. But in all practical terms? Not really and Strontium90 has given you most of the reasons as to why not. However if you're determined to do it simply to answer your own question and through it gain experience, by all means have a go. You will in all likelihood be on your own though with very, very little support from anyone but yourself.

Doing it the 'other way round' ie: OS X Server in VM on dedicated Server hardware (a MacMini is not server hardware IMO) running dedicated Windows Servers gives better results.

HTH?

Tony

piperspace wrote:

It IS possible to bind Macs to both AD and OD at the same time. This is often done in large organizations so that users can login to Macs with AD credentials and also receive desktop preferences from a departmental Mac server. However, I don't think this is a good path to a solution for your problem.

I currently have this precise setup running, at a Uni, want to use credentials from the 'global' AD here (so the students don't have to have multiple login credentials, etc) but want to restrict who can actually log in to the lab's machines, share things from the labs servers, etc.

I -think- I've done it correctly, as it pretty much works (I have strange behaviors like having to login multiple times before the login 'takes') but there are a variety of issues here and there that I'd like to look into when I have the time. For example, the AD server sets everyone's shell as csh, but I'd prefer bash be the default. Yet, I can't seem to override this anywhere, etc.

So my question is this- is there a 'best practices' document out there for AD/OD integration? I pretty much had to ad-hoc my way through dozens of people's web pages, apple's docs, etc.

http://training.apple.com/pdf/wp_integrating_active_directory_ml.pdf

Exactly what I need. Thank you!