Welcome to the fold. Generally speaking, if you have AD, you do not want to reinvent the wheel by also deploying OD. While OS X Server can play a role in an AD environment, using it for authentication and authorization is not a good plan. You end up decentralizing your accounts/groups/passwords which is what AD is there for in the first place.
If you are binding and everything is working for some time, I suspect you may need to adjust the password reset of the binding record. When you bind a device to the domain, the computer record records a password in both AD and on the Mac. By default this password will randomize every 14 days. In some AD environments this results in a problem where the Mac will "fall off the domain" at exactly 14 days after the bind.
To test this theory, bind a Mac. After binding run this command on the Mac to set the password reset of the bind record to never reset:
sudo dsconfigad -passinterval 0
Wait 15 days. If you are still connected to the domain, that is your issue.
Run a man dsconfigad to check out the other hidden options. Not everything is presented in Directory Utility and certainly not in System Preferences.
If this is not the issue, I suggest looking into odutil. With this command you can enable debug logging of directory services. You may reveal the issue with the drop off.
(It has been my experience that the Mac is usually not the issue - there tends to be a DNS or time issue that results in the problem - are all your Macs synchronized to the AD domain controllers for time?)
Reid
Apple Consultants Network
Author - "El Capitan Server – Foundation Services"
Author - "El Capitan Server – Control & Collaboration"
Author - "El Capitan Server – Advanced Services"
