AD and OD Scenarios

When we connect a Mac to Active Directory (AD), we add the authentication piece. A user can authenticate with a network account on the local machine. AD tells the computer, "Yes, this user can log in, and this is the type of account they should have on the machine." Connecting a Mac to AD is called binding. See the article on manual binding of Macs to AD.

AD handles authentication for the Mac but does not handle authorization or management of the user or the computer on OS X. Management can be added by an OS X server running Open Directory (OD). When we have these 3 parts (client, AD and OD), we use the network to handle both authentication and authorization. This is called the Magic Triangle.

Some settings in the AD plugin on OS X 10.4 and 10.5 change the way AD accounts are accessed on the client computer. The two main ones are "Create Mobile Account at Login" and "Force local home directory on startup disk".

