The first thing I want to walk through is Open Directory, OS X’s directory services implementation (roughly analogous to Microsoft’s Active Directory). Many of OS X Server’s other services rely upon or make use of a directory in some way, so it’s important to know how it works.

Veterans can probably skip this section, since the basics of Open Directory in Lion Server are essentially identical to previous versions. Pick back up in the Profile Manager section for things that will be new to you.

For those of you who have no experience with directory services, a brief explanation: imagine you’re the IT support person for a business of, say, 50 employees, and each of those employees has a computer. Rather than manage all of the user accounts on those computers manually, you want to have all of their usernames and passwords stored on your server so that you can keep better track of them. You can also organize users into groups, so that if you have one particular attribute to apply to many different accounts, you can do it once to the group instead of once for every member of the group. This is the essence of Open Directory and other directory services.

It goes further than that: with centrally stored credentials, you can also more easily manage access permissions on file shares or enable your employees to use the same username and password to log in to multiple computers. You can control password requirements and store relevant information (email addresses, etc.) about your users. You can also tie other products into your directory so that your users can use the same credentials to access email or internal websites. The list goes on.

OS X Server can either host its own directory (using Open Directory), tie into another, pre-existing directory service (like Active Directory), or both (using Active Directory to manage credentials but Open Directory to manage Apple-specific functionality - Apple calls this a “golden triangle” configuration, and it’s a bit outside the scope of this review). For our purposes, we’ll set up a standalone Open Directory that we’ll then use with other services throughout the review.

Open Directory setup is one of the few things that can still be done with both Server.app and Server Admin, though the approaches differ:

In Server.app: Go to the Manage menu and click Manage Network Accounts.

You’ll be asked to create a Directory Administrator account (which will differ from the local administrator account) - this is done to enable users to manage the directory without giving them control over other server functions. The default is diradmin, and that’s what we’ll go with.

Enter your organization’s name and your admin’s email address, and click through the rest of the prompts - you’ll have a quick and easy directory setup with a minimum of fuss.

In Server Admin: To enable Open Directory in Server Admin, make sure the Open Directory service is viewable, and select it. In the Settings tab, click the Change button next to the server’s Role.

Here, you’re given three choices. We’ll want to set up an Open Directory master, but you can also connect your Mac to another directory (like Active Directory) or set up an Open Directory replica here. For the uninitiated, an Open Directory replica connects to an existing Open Directory master and mirrors every change made to the master - this can provide for load balancing (in an organization with many Macs) or automatic failover in the event that one or the other server crashes (Macs connected to an Open Directory master will automatically fall back to the replica if the master fails and vice-versa).

Anyway, elect to set up an Open Directory master, input your desired Directory Administrator credentials, input your organization name and admin email address, and you’re set, same as with Server.app. If you want to set a different Kerberos realm or LDAP search base, you can also do it here (but if you don’t know what that means, the default settings are fine).

You can also use Server Admin to back up or destroy a directory you’ve made - to back up, just use the Archive tab to save and restore copies of your directory’s data. To delete the directory, go to the Settings tab, click Change next to the server’s Role, and select Set up a standalone directory.

Once it's running, you can go ahead and bind client computers to it: in OS X, this is accomplished by going to the Accounts preference pane, clicking Login Options, and clicking the Join button next to Network Account Server.

Enter your server's address in the box that pops up and click OK. If successful, you should now see a green dot followed by your server's address, and you should be able to log in to your client computer with any of the user accounts you create (we'll go over that next).
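
A command-line check for the binding step above, added here as an example and not part of the original article: it parses the text printed by `dscl /Search -read / CSPSearchPath` on a client and confirms that logins consult only the intended directory server. The hostname `server.example.com`, the function names and the sample outputs are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit which directory nodes a bound client consults for logins.
# On a client, run: check_binding "$(dscl /Search -read / CSPSearchPath)"
EXPECTED_SERVER="server.example.com"   # placeholder hostname, not from the article

# Constructed sample outputs (assumed dscl format: one line when no node
# contains a space, otherwise one node per indented line).
SAMPLE_BOUND="CSPSearchPath: /Local/Default /BSD/local /LDAPv3/server.example.com"
SAMPLE_UNBOUND="CSPSearchPath: /Local/Default /BSD/local"
SAMPLE_EXTRA="CSPSearchPath:
 /Local/Default
 /BSD/local
 /LDAPv3/server.example.com
 /Active Directory/CORP/All Domains"

# Print one search-path node per line, handling both output layouts.
list_nodes() {
    printf '%s\n' "$1" | awk '
        NR == 1 && $0 == "CSPSearchPath:" { multi = 1; next }
        NR == 1 { sub(/^CSPSearchPath: */, "")
                  n = split($0, a, " ")
                  for (i = 1; i <= n; i++) print a[i]
                  next }
        multi   { sub(/^ +/, ""); if ($0 != "") print }'
}

# Return 0 if bound only to EXPECTED_SERVER, 1 if not bound to it,
# 2 if any other network directory node is also in the search path.
check_binding() {
    status=1
    nodes=$(list_nodes "$1")
    old_ifs=$IFS
    IFS='
'
    for node in $nodes; do
        case "$node" in
            "/LDAPv3/$EXPECTED_SERVER")
                echo "OK: $node"
                [ "$status" -eq 2 ] || status=0 ;;
            /Local/*|/BSD/*) ;;                      # local nodes are always present
            *) echo "UNEXPECTED: $node"; status=2 ;; # a directory you did not join
        esac
    done
    IFS=$old_ifs
    return "$status"
}
```

A return code of 2 means the client will also accept accounts from a directory other than the one you set up, which is worth investigating before users start logging in.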

Now that you've got a working directory server with some clients attached, let's show you what you can do with it.

77 Comments


  • GrizzledYoungMan - Tuesday, August 2, 2011 - link

    I probably should have toned down my sarcasm a bit, but my point is that while yes, Apple said they support SMB since 10.2, it just plain old doesn't work right.

    Google Thursby DAVE to see what I mean.
  • repoman27 - Tuesday, August 2, 2011 - link

    I'm familiar with DAVE, and you're right that obviously much is to be desired with Apple's SMB implementation if there is still an aftermarket product that costs more than the OS itself just to fix this particular issue.

    I kinda feel like more of the problem has to do with Mac OS X's lack of native support for NTFS though, rather than SMB actually malfunctioning.

    I chuckle that while you're thinking about "all the time that has been wasted trying to get OS X desktop clients to do things that have worked out in the real world for years now," I'm thinking about how much time I've wasted trying to get Windows Home versions to do things that Microsoft has artificially prevented them from doing so that they could sell customers an "upgrade". For instance, try setting up file sharing with user-level passwords and NTFS permissions on a network with Windows XP Home and Windows 7 Home Premium machines...
  • GrizzledYoungMan - Tuesday, August 2, 2011 - link

    You'll get no argument from me that Windows' tiered pricing is a bummer. Up-selling is sleazy.

    But overall, I'd say that Windows actually represents a better value if you make the right upgrade choices (ie, XP straight to 7). For the price of a few of Apple's annual updates, you get something that lasts a few years longer, does a lot more, and puts you through the OS-version-transition rumpus less frequently.

    While I can understand why the press loves the frequency of OS X revisions, I don't see it as a good thing for the user (and certainly not my own personal experience). Upgrading your OS is a pain, and to do it every year - lest you suffer the consequences of running a two year old, unsupported version of OS X - is a burden. And as I mentioned, the end result of this accelerated schedule is that the end users become the beta testers.

    No wonder they're getting out of the desktop business. They can't handle anything much more complicated than a mobile phone OS.
  • repoman27 - Tuesday, August 2, 2011 - link

    Since version 10.3, Mac OS X has been on a major revision update schedule that is much closer to once every 2 years (Leopard actually came 2.5 years after Tiger). In the early days of Mac OS X there were some teething issues that resulted in a more rapid release cycle, but I also seem to recall Microsoft releasing Windows 98, 98SE, ME, and 2000 in rather quick succession.

    Mac users are also free to skip every other version. Not to mention that upgrade pricing for Mac OS is way cheaper than Windows when you realize that you're getting the full-feature client version with a far more liberal license scheme and no activation based copy protection for $30. How much would it cost to legitimately upgrade every machine that you own or control from Windows Vista Home Basic 32-bit OEM to Windows 7 Ultimate 64-bit?

    Apple released updates for Tiger for more than 3 years after it was discontinued. I guess if they had a stubborn enough install base they would be forced to continue support for a 9 year-old version of their OS as well.

    What does a client version of Windows itself do that Mac OS does not, aside from allowing playback of Blu-ray discs?

    If you've ever bought a retail Windows machine, you probably know that out of the box, under normal usage, the thing will be all but unusable in less than 18 months time, forcing you to buy another cheap POS Windows machine, or to perform a clean install of your OS. I love sacrificing 16% of a new system's performance to anti-virus software right off the bat, too.
  • RubberJ - Tuesday, August 2, 2011 - link

    My system has been running Win7 since RTM and hasn't slowed.

    And does Antivirus really take 16% of your system performance or are you just talking out your arse?

    http://www.tomshardware.com/reviews/anti-virus-vir...

    Just as I thought...mac fanboy alert...
  • repoman27 - Wednesday, August 3, 2011 - link

    Yeah, as soon as I posted that last comment I realized I had crossed the line into religious war territory.

    My point about crappy system performance and having to reinstall the OS was regarding the way retail PC's come preconfigured, and what the typical end-user then subjects them to, not your particular case. My personal Windows systems (I do actually use Windows on the daily) tend to work fine for years, but then again I also spend a lot of time building performance tuned system images. I also don't personally run antivirus software anymore, because I'm not a sucker.

    As for that, I tend to refer more to the testing done by AV comparatives, and my own personal testing, but I certainly wasn't talking out my arse. 16% may indeed be hyperbole when talking about a new Sandy Bridge based system running Windows 7, but not at all on legacy equipment running XP or when running in a virtualized environment.

    Anywho, my initial intent was merely to clarify various exaggerations or inaccuracies in this thread, but I guess I did end up painting myself as the fanboy with that previous rant.
  • Wizzdo - Wednesday, August 3, 2011 - link

    As a power user, developer, and servicer for Windows and OS X I can tell you quite simply that, relative to OS X, Windows is an expensive frustrating bag of hurt for a great many typical users. OS X comes with a fantastic suite of software tailored very well to work with the OS and the OS is in turn tuned very well to work with the Hardware. Updates (even Major ones) are painless and offer excellent value for the investment. They are generally highly looked forward to by most OS X users.

    Anyone who claims Windows and a generic PC will likely serve the average user better simply does not have a clue. There really is little comparison now and OS X Lion just pushes the experience that much further ahead.

    For much of my day I am forced to use Windows to develop SQL Server infrastructures. SQL Server is IMHO the best piece of software Microsoft has ever managed to make. However, my blood pressure drops considerably when I get to boot back into OS X where I can get some creative work done in a responsive pleasing modern environment that does not feel like a thinly veiled version of DOS.

    Apple gets it right and that is why they are the revered technology leader in the industry right now.

    Timemachine alone is worth the price of admission for anyone who values their work and wants effortless trustworthy backup and retrieval of it. Watch MS scramble to get this into their next OS just like so many other features. Apple didn't invent them all but knows how to make them work the way they should.
  • GrizzledYoungMan - Wednesday, August 3, 2011 - link

    I would just like to point out that Wizzdo lives in a universe in which Windows 7 is a thinly veiled version of DOS, and Timemachine is a novel, useful feature.

    Sigh. OS X users.
  • ex2bot - Friday, August 5, 2011 - link

    Actually, Time Machine IS a useful feature. Is it "novel"? It is novel in the sense that it is drop-dead simple. You plug in an external drive and click the 'Yes' button. Then as long as it is attached it makes complete + sequential backups. I use it on my Macs. I also clone periodically. Well, I don't clone. My drives do.

    The backup review interface works well, too. It's basically a specialized Finder window. I admit the star field is . . . interesting.

    GrizzledYoungMan, has Time Machine not been useful for you? What happened when you used it? It's worked for me on multiple machines. Backing up is useful because hard drives fail eventually. Even hard drives attached to Windows PCs.

    And Windows 7 *is* a thinly veiled version of DOS. See, Windows is just a shell that sits on DOS. . . Nahhh! I'm just kidding ya. I know it's son of NT (or grandson maybe).

    Ex2bot
    Positronic Mac Fanbot ("Cannot harm humans" is just a guideline, I believe.)
  • justinf79 - Friday, August 5, 2011 - link

    Way to show your ignorance there buddy...

    Windows, the security/virus nightmare where you're bombarded by OS security patches daily gets old fast. And quite frankly OS X is more powerful AND simpler. Windows has always been garbage.
