Binding AD and Lion Server

How to bind a Lion Server to an AD and make use of the new Profile Manager functions on Lion Clients with AD accounts.

1. Set up the Lion client, and install the Server Admin and Server apps

2. Change the name of the machine and use changeip -checkhostname to ensure

3. Enable OD with the Connected to directory option

4. Use Directory Utility to bind to the AD

5. Kerberize the services

6. Turn on the Wiki Server and check the web access to the wiki using an AD user. This should work.

7. Turn on Profile Manager and set up OD. Select the right certs for SSL. Enable signing of profiles.

8. In the Server app, there are two ways of doing the setup.
a) Use the Users option and use the “+” button to import users from another directory. Search for and select the users from the AD.
b) Use the Groups option. Go to View and select Show System Accounts. Edit the com.apple.access_devicemanagement group and add the relevant AD group to allow access to user profile management. If the name of the group is empty when editing, just fill it in with the same name again.

9. Log in to Profile Manager as a user and add the Trust Certificate before enrolling the machine.
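An added verification script (not part of the original post) covering steps 2, 4 and 8b: each helper inspects the output of the relevant command (changeip -checkhostname, dsconfigad -show, dseditgroup -o checkmember), so it can be tried against the constructed sample output embedded below before running run_checks on the live server. The exact wording of each command's output is assumed, not taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post: sanity checks for steps 2, 4 and
# 8b. The helpers take command output as an argument so they can be tried
# against the constructed samples below; run_checks feeds them live output.

# Step 2: did `changeip -checkhostname` confirm the hostname matches DNS?
hostname_ok() {
  printf '%s\n' "$1" | grep -q 'The names match'
}

# Step 4: print the AD domain reported by `dsconfigad -show`; fail if unbound.
ad_domain() {
  printf '%s\n' "$1" | sed -n 's/^Active Directory Domain[[:space:]]*=[[:space:]]*//p' | grep .
}

# Step 8b: did `dseditgroup -o checkmember` say the user is in the group?
# Assumes its "yes <user> is a member of <group>" wording.
pm_member_ok() {
  printf '%s\n' "$1" | grep -q '^yes'
}

# Constructed sample outputs (hostname lionserver.example.com, domain example.com).
SAMPLE_CHANGEIP='Primary address     = 192.0.2.10

Current HostName    = lionserver.example.com
DNS HostName        = lionserver.example.com

The names match. There is nothing to change.'

SAMPLE_DSCONFIGAD='Active Directory Forest          = example.com
Active Directory Domain          = example.com
Computer Account                 = lionserver$'

SAMPLE_DSEDITGROUP='yes jdoe is a member of com.apple.access_devicemanagement'

# Run against the live server; the AD user to test is given as $1.
run_checks() {
  hostname_ok "$(changeip -checkhostname 2>&1)" || { echo 'hostname/DNS mismatch'; return 1; }
  domain=$(ad_domain "$(dsconfigad -show 2>&1)") || { echo 'not bound to AD'; return 1; }
  pm_member_ok "$(dseditgroup -o checkmember -m "$1" com.apple.access_devicemanagement 2>&1)" \
    || { echo "$1 is not in com.apple.access_devicemanagement"; return 1; }
  echo "OK: bound to $domain, $1 may use Profile Manager"
}
```

Usage on the server: source the script and call run_checks with an AD user name, e.g. run_checks jdoe.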

Update: This post is a little out of date. Once the OD server has been bound to the AD, you should be able to use the Server app to import AD users to be managed. However, it is suggested that you use groups or nested groups to manage your AD users instead. This certainly makes things easier to manage.