This entry is going to be one I come back to, or at least post multiple parts for, because AD/OD integration, while easy, can’t be considered trivial. This first part will just cover what the scope is and how we can get to where we want to be.
At this point, all I have tried is basic integration and testing with PHDs (Portable Home Directories).
Basically, campus just brought up a new AD forest that is well designed and centrally managed from the top, with rights delegated to each organization to manage its own OUs. Students exist at the top of the directory and are not assigned to any lower-level OU (because they can, and do, take classes from different units). Employees all exist within specific OUs (the unit that employs them).
While the AD was being designed, initial testing was done on whether or not to extend the schema to include the Apple attributes. It turned out that this wasn’t going to work, because OU admins cannot be given rights to set schema attributes on accounts that are not in their OU (e.g. students).
So, currently, every term we take a dump of the campus student “database” and find all the students taking classes within our unit. We then reduce that to the unique entries, run the result through a program called Passenger, and import its output into WGM (Workgroup Manager).