Thanks again for your reply.
(A little background about the company so you get the picture: for years, the few (but now quickly increasing) OS X users "have been on their own". IT helps them purchase the computers, but the users are on their own after that. IT is only concerned with Windows images and PCs. So the OS X users are creating local administrator accounts, not integrated with AD, not having home folders or printer access. Most OS X users have a corporate Windows VM on their OS X they fire up if they need SharePoint, printer or other corporate stuff. It's time to put an end to that. But we must try to do it smoothly - the users must keep their local admin rights and freedom.
We shall implement a Mobile Device Management (MDM) solution to push the Open Directory profile to the MacBooks.
I picture that in the login window, the existing OS X users, after MDM enrollment, will get the grey "Other" icon on the right, inviting them to login with their AD credentials.
And here "the new story starts", where they have access to corporate resources like printers, home folders, SharePoint and all the stuff they need, without use of the corporate Windows in the VM.
They might need to move their stuff from their previous local account to their new account.)
First one question: does the machine querying AD have to be registered as a Computer in AD to retrieve a response from AD?
In that case: if we register the name of the Macs in AD beforehand (or during MDM enrollment), will the registered AD user be able to authenticate from the registered Computer (MacBook) afterwards?
What we did to get an OD response with the "id" command: We pushed an Open Directory/LDAP profile to the MacBook via MDM. That is how we bound the machine to Open Directory. But we did not log on to the MacBook with the Open Directory credentials, only with the existing local account. But since it was bound to OD via the MDM profile, and we did the "id" command for a "Local Network Account" registered on that OD, we got a response.
That said, we have also tried to go to the login window, and the grey "Other" icon appears to the right of the local users registered.
Scenario A: We entered the OD registered user ID (different from the locally registered IDs on the MacBook) - and we got a successful login.
Scenario B: We entered an AD registered user ID, but the login was unsuccessful. Maybe because the Computer name is not registered in AD?
I shall try to get the MacBook we are testing with registered into Computers in AD.
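The two scenarios above come down to which directory nodes the Mac actually searches and whether it holds an AD computer binding at all. The following script is an added example for this thread, not the poster's own commands or output: it parses the output of the macOS tools `dsconfigad -show` and `dscl /Search -read / CSPSearchPath` and reports whether the Mac is OD/LDAP-only (as after an MDM-pushed LDAP profile) or bound to AD with a computer account. The sample outputs, domain names and the computer account name are constructed placeholders; on a Mac the script runs the real tools, elsewhere it falls back to the samples.

```python
"""Tell an OD/LDAP-only Mac from an AD-bound one before testing login-window scenarios.

Added example, not from the original post. Assumed macOS tools: `dsconfigad -show`
and `dscl /Search -read / CSPSearchPath`. All sample output below is constructed.
"""
import shutil
import subprocess
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of `dsconfigad -show` on a Mac that IS bound to AD.
SAMPLE_AD_BOUND = """\
You are bound to Active Directory:
Active Directory Forest          = example.corp
Active Directory Domain          = example.corp
Computer Account                 = macbook-test$
"""

# Constructed sample for a Mac that is NOT bound to AD (OD profile only).
SAMPLE_AD_UNBOUND = "You are not bound to Active Directory.\n"

# Constructed sample of `dscl /Search -read / CSPSearchPath` with an LDAP profile only.
SAMPLE_SEARCH_OD_ONLY = """\
CSPSearchPath:
 /Local/Default
 /LDAPv3/od.example.corp
"""

# Constructed sample after an additional AD binding.
SAMPLE_SEARCH_AD = """\
CSPSearchPath:
 /Local/Default
 /LDAPv3/od.example.corp
 /Active Directory/EXAMPLE/All Domains
"""


@dataclass
class AdBinding:
    bound: bool
    domain: Optional[str] = None
    computer_account: Optional[str] = None


def parse_dsconfigad(text: str) -> AdBinding:
    """Extract binding state, domain and computer account from `dsconfigad -show` output."""
    bound = text.lstrip().startswith("You are bound to Active Directory")
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return AdBinding(bound=bound,
                     domain=fields.get("Active Directory Domain"),
                     computer_account=fields.get("Computer Account"))


def parse_search_path(text: str) -> List[str]:
    """Return the directory nodes in the authentication search path, in order."""
    nodes: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("CSPSearchPath"):
            rest = line.partition(":")[2].strip()  # single value may sit on the label line
            if rest:
                nodes.append(rest)
            continue
        nodes.append(line)
    return nodes


def diagnose(dsconfigad_text: str, search_text: str) -> Dict[str, object]:
    """Summarise which directories the Mac will consult when a user logs in."""
    ad = parse_dsconfigad(dsconfigad_text)
    nodes = parse_search_path(search_text)
    has_ldap = any(n.startswith("/LDAPv3/") for n in nodes)
    has_ad = any(n.startswith("/Active Directory/") for n in nodes)
    if ad.bound and has_ad:
        verdict = "bound to AD and AD node is in the search path"
    elif ad.bound:
        verdict = "bound to AD but AD node is missing from the search path"
    elif has_ldap:
        verdict = "OD/LDAP only: no AD computer binding on this Mac"
    else:
        verdict = "local accounts only"
    return {"ad_bound": ad.bound, "computer_account": ad.computer_account,
            "ldap_in_search_path": has_ldap, "ad_in_search_path": has_ad,
            "search_path": nodes, "verdict": verdict}


def run_tool(cmd: List[str]) -> Optional[str]:
    """Run a macOS directory tool if present; return None on other platforms."""
    if shutil.which(cmd[0]) is None:
        return None
    result = subprocess.run(cmd, capture_output=True, text=True)
    return result.stdout + result.stderr


if __name__ == "__main__":
    live_ad = run_tool(["dsconfigad", "-show"])
    live_search = run_tool(["dscl", "/Search", "-read", "/", "CSPSearchPath"])
    if live_ad is None or live_search is None:
        print("macOS directory tools not found; diagnosing constructed samples")
        print(diagnose(SAMPLE_AD_UNBOUND, SAMPLE_SEARCH_OD_ONLY))
        print(diagnose(SAMPLE_AD_BOUND, SAMPLE_SEARCH_AD))
    else:
        print(diagnose(live_ad, live_search))
```

Run it on the test MacBook before and after the AD binding step; a "Computer Account" value in the `dsconfigad -show` output is what shows that the Mac itself has an object in AD, which is independent of the OD/LDAP node the MDM profile added to the search path.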