SCIENTIFIC-LINUX-USERS Archives

January 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Nico Kadel-Garcia <[log in to unmask]>
Reply To: Nico Kadel-Garcia <[log in to unmask]>
Date: Fri, 10 Jan 2014 00:36:00 -0500

AD does many things, many of them quite badly. If you need a drop-in
authentication server, you might consider if you really need AD, or
if Samba 4.1.x will do the job. I've got RPM building tools for that
at https://github.com/nkadel/samba4repo, and they work well on
Scientific Linux 6 with the necessary RPMs built up from scratch.

AD is handy for easy integration with Microsoft servers, such as
Exchange and SQL, and for providing Windows trained personnel familiar
tools. But its DNS is.... not good. It allows multiple PTR records for
the same IP address, configuring DNS views is a nightmare, its
"export" tool is a proprietary format that looks vaguely like valid
DNS but isn't. It does not understand that "foor.bar.com" may have
*nothing to do* in any logical sense with "bar.com" DNS.

If you need it for things like the authenticated dynamic DNS for your
laptops and wi-fi, and don't want to spend the time building up Samba
or similar tools, cool. But keep it the heck away from your server
DNS. If you need chroot cages and good source control managed
configuration backups, consider looking up my presentation at SVNday
in Berlin a few years ago: "How to Subvert Masters and Slaves, BIND Them,
and Make Them Report Names and Addresses".


On Thu, Jan 9, 2014 at 9:37 PM, Jeremy Wellner
<[log in to unmask]> wrote:
> That's a resounding stay the course and I don't mind that one bit.  It's
> been rock solid and I've been happy with it.
>
> So as a secondary question, we are planning on adding Active Directory into
> our network and I know that it is very particular about its DNS.  Will AD
> be happy with being given a delegate domain to have as its sandbox or does
> that throw my BIND install out the window?
>
> Thank you all for the advice!! :)
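
The reply above notes that AD's DNS allows multiple PTR records for the same IP address. As an added example (not part of the original message or of any project it mentions), this script audits a reverse zone in standard master-file format, such as a BIND zone file, and reports every owner name that carries more than one distinct PTR target. The zone contents and the example.com names are constructed sample data.

```python
import collections

# Constructed reverse zone in BIND master-file format (sample data, not from the post).
SAMPLE_ZONE = """\
$ORIGIN 2.0.192.in-addr.arpa.
$TTL 3600
@    IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 86400 3600
@    IN NS  ns1.example.com.
10   IN PTR web1.example.com.
10   IN PTR laptop-17.ad.example.com.
11   300 IN PTR db1.example.com.
     IN PTR db1-old.example.com.
12   PTR mail.example.com.
"""
CLASSES = {"IN", "CH", "HS"}

def absolute(name, origin):
    """Expand '@' and relative names against the current $ORIGIN."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin.lstrip(".")

def duplicate_ptrs(zone_text, origin="."):
    """Return {owner: [targets]} for every owner with more than one distinct PTR.
    Assumes one record per line and numeric TTLs (no parenthesised records)."""
    ptrs = collections.defaultdict(list)
    owner = None
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenise
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        if fields[0].startswith("$"):            # $TTL, $INCLUDE: not needed here
            continue
        if not raw[0].isspace():                 # owner only when the line starts in column 1
            owner = absolute(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)                        # optional TTL and class, either order
        if owner and len(fields) >= 2 and fields[0].upper() == "PTR":
            ptrs[owner].append(absolute(fields[1], origin))
    return {o: t for o, t in ptrs.items() if len(set(t)) > 1}

if __name__ == "__main__":
    for owner, targets in sorted(duplicate_ptrs(SAMPLE_ZONE).items()):
        print(owner, "->", ", ".join(targets))
```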
