The Magic Triangle
Windows servers use Active Directory to provide directory services on a network. Apple’s Active Directory plug-in for OS X allows a Mac server to maintain information about Mac clients and allows access to enforce Active Directory policies and authentication.
In an Active Directory environment, Mac servers actually provide authentication of both Open Directory and Active Directory to the Mac clients. This dual authentication role allows policies to be implemented on the Mac server for Mac clients that are nonstandard in an Active Directory environment (such as Messages services or Contacts services), while allowing Active Directory to handle the network services that are common to Windows and Mac users on the network.
The Mac server’s capability to manage both Open Directory and Active Directory separately (and never the twain shall meet) is known as implementing the magic triangle, as shown in Figure 6-1. The Mac server handles the Active Directory piece of the puzzle by using the Mac’s Active Directory plug-in, which sets up a special account on Active Directory that translates network requests from Mac clients into the format that Active Directory expects from Windows clients.