In Snow Leopard Server it seems that someone at Apple figured out that a bunch of people were building these weird triangle, or dual directory, thingies. So, if you bind a Mac OS X Server to Active Directory and then open Server Admin and then click on Open Directory you’ll see a button to Kerberize Services. Once you’ve Kerberized the services, if you click on the Change… button for Role you’ll see a different option than you normally see when setting an Open Directory Master. In the Choose Directory Role screen you’ll see a new screen that tells you that you’re connected to another directory. It will then ask if you want to remain connected and setup an Open Directory Master, remain connected and setup an Open Directory replica or whether you would like to disconnect from the existing directory service and go back to a standalone directory model (at which time you would re-run the Open Directory Assistant if this were the direction you were looking to go).
Overall, this is a great new addition and while technically there’s not much different going on here, it at a minimum shows that the developers are acknowledging that there are a number of different setup architectures and that Apple is trying to bring these into more of a supported type of environment.
