How to Bind the Lion Server to Active Directory
To integrate a Lion server into an Active Directory environment, you bind the Lion Server to the Active Directory domain. Creating the link between the Mac server and Active Directory is called binding.
After you have the required information in hand and have ensured that DNS is working properly, you’re ready to bind the server. To bind your server to an Active Directory domain, follow these steps:
1. Launch System Preferences and click the Users & Groups icon.
   The Users & Groups pane opens.
2. Click the lock icon to display a login dialog.
3. Enter your administrator login and password and then click OK to make changes to the Users & Groups pane.
4. Click the Login Options icon at the bottom left of the Users & Groups pane.
   You see the available options. This pane provides access to set network directory configuration.
5. Click the Edit button.
   A sheet opens that displays all network directories that the machine has been set up to access. The first time you bind a directory, you can see only the local directory server.
6. Click the Open Directory Utility button in the sheet.
   The Directory Utility application opens.
7. Ensure that the Services icon is selected in the toolbar.
   Services is the default.
8. Click the lock icon at the bottom left of the Directory Utility pane to access the login and password dialog; enter your administrator credentials again and then click OK.
9. Click the Active Directory line to highlight it.
10. Click the plug-in configuration button.
   A sheet appears.
11. Type your fully qualified Active Directory domain name in the Active Directory Domain text box.
12. Click the Bind button.
   The Network Administrator Required dialog opens.
13. Enter a network domain administrator login and password and then click OK.
   This may not be the same as the local administrator credential you entered earlier. This must be a login and password that has rights to make changes to the Active Directory domain. If you’re unsure, contact your Active Directory administrator.
   The Computer OU (organizational unit) text box typically has the correct information by default. If you’re unsure whether it’s correct, or if this text box is blank, contact your Active Directory domain administrator for the correct organizational unit to enter.
   Another authentication dialog appears that asks for the local server administration credentials.
14. Enter your Mac OS X Server administrator credential and password and click OK.
   The Bind button in the Directory Utility dialog changes to Unbind, which tells you that the binding has succeeded. The server is now bound to the Active Directory domain.
To test whether the binding succeeded, open a Terminal session to access the command line and type id followed by the short name of an Active Directory user. If the binding is successful, Active Directory returns the first 16 Active Directory groups of which the user is a member.
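One way to script the id check described above, as an added example that is not part of the original article: it reads one line of id output and reports the short name, UID and number of groups listed, and fails when the account did not resolve. The function name and the usage shown in the comments are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original article: interpret one line of `id`
# output for a directory account after binding.
# Usage (assumed file name): sh check_bind.sh <AD user short name>

# summarise_id ID_OUTPUT
# Prints "<short name> <uid> <group count>" and returns 0, or returns 1 when
# the line has no uid= field, meaning the account lookup did not resolve.
summarise_id() {
    line=$1
    case $line in
        uid=*) ;;
        *) echo "no uid= field: account did not resolve" >&2
           return 1 ;;
    esac

    # uid=<number>(<short name>) is always the first field.
    uid=${line#uid=}
    uid=${uid%%\(*}
    name=${line#uid=*\(}
    name=${name%%\)*}

    # Active Directory group names can contain spaces ("Domain Users"), so
    # take everything after groups= and split on commas, not on whitespace.
    groups=${line#*groups=}
    if [ "$groups" = "$line" ]; then
        count=0
    else
        count=$(printf '%s\n' "$groups" | tr ',' '\n' | grep -c . || true)
    fi

    printf '%s %s %s\n' "$name" "$uid" "$count"
}

# When called with a short name, run id for that account and summarise it.
if [ $# -eq 1 ]; then
    summarise_id "$(id "$1" 2>/dev/null)"
fi
```

A non-zero exit status means id returned nothing for that short name, which is the case to investigate (DNS, the bind itself, or the directory search path).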