The Magic Triangle: Open Directory, Active Directory, and Lion Server

By John Rizzo

Windows servers use Active Directory to provide directory services on a network. Apple’s Active Directory plug-in for Mac OS X Lion Server allows a Mac server to maintain information about Mac clients and lets those clients be authenticated by, and subject to the policies of, Active Directory.

Directory services make a server administrator’s life much easier by providing a centralized repository for information about users, groups, and computers. Using directory services, administrators can consolidate users and computing resources into groups and then apply and enforce security and permissions policies across those groups.

In an Active Directory environment, Mac servers actually provide both Open Directory and Active Directory authentication to the Mac clients. This dual authentication role allows policies to be implemented on the Mac server for Mac clients that are nonstandard in an Active Directory environment (such as iChat services or Address Book services), while Active Directory continues to handle the network services that are common to Windows and Mac users on the network.

The Mac server’s ability to manage both Open Directory and Active Directory separately (and never the twain shall meet) is known as implementing the magic triangle. The Mac server handles the Active Directory piece of the puzzle by using the Mac’s Active Directory plug-in, which sets up a special account on Active Directory that translates network requests from Mac clients into the format that Active Directory expects from Windows clients.
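The magic triangle shows up on a client as two directory nodes in its search policy: an Active Directory node (for authentication) and an Open Directory LDAPv3 node (for the Mac-specific policies). The following script is an added example, not part of this article or of Apple's tooling; it checks a search path for both nodes so an administrator can confirm a client is really in the triangle rather than bound to only one directory. The sample search path is constructed, and the domain and server names in it are placeholders.

```shell
#!/bin/sh
# Added example: classify a Mac client's directory search policy as a
# "magic triangle" (AD + OD), AD-only, OD-only, or none.
# Node names below are constructed placeholders, not real infrastructure.

# Constructed sample, shaped like the output of
#   dscl /Search -read / CSPSearchPath
# on a Lion client bound to both directories.
SAMPLE_SEARCH_PATH='CSPSearchPath:
 /Local/Default
 /Active Directory/EXAMPLE/All Domains
 /LDAPv3/odmaster.example.com'

# Succeeds (exit 0) if the search path lists an Active Directory node.
has_ad_node() {
    printf '%s\n' "$1" | grep -q '^ */Active Directory/'
}

# Succeeds (exit 0) if the search path lists an Open Directory (LDAPv3) node.
has_od_node() {
    printf '%s\n' "$1" | grep -q '^ */LDAPv3/'
}

# Prints one of: triangle, ad-only, od-only, none.
classify_search_path() {
    ad=1
    od=1
    has_ad_node "$1" && ad=0
    has_od_node "$1" && od=0
    if [ "$ad" -eq 0 ] && [ "$od" -eq 0 ]; then
        echo triangle
    elif [ "$ad" -eq 0 ]; then
        echo ad-only
    elif [ "$od" -eq 0 ]; then
        echo od-only
    else
        echo none
    fi
}

# Stand-alone run over the constructed sample.
classify_search_path "$SAMPLE_SEARCH_PATH"

# On a live client you would feed the real search path instead (assumption:
# dscl is available and the search policy is set to a custom path):
#   classify_search_path "$(dscl /Search -read / CSPSearchPath)"
```

A client that reports `ad-only` will authenticate against Active Directory but will never receive the Open Directory policies the article describes, which is the most common way a triangle silently degrades into a plain Active Directory bind. Binding the client to Active Directory itself is done with Apple's `dsconfigad` tool; that step is outside this script.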