Mac OS X Server v10.6: Configuring service principals in Active Directory when using a disjoint namespace

Summary

If the DNS suffix of the hostname of your Mac OS X Server v10.6-based server does not match the domain name of your Active Directory domain, services may not be able to use Kerberos properly. For example, the Active Directory domain is ad.apple.com, but the Mac OS X Server hostname is server.apple.com.

Products Affected

Mac OS X Server 10.6, Microsoft Active Directory

Use ADSI Edit in Active Directory to edit the dNSHostName attribute of the Mac OS X Server computer record to reflect the correct hostname, and the service principals will automatically change. 

For example, if your Active Directory domain is:

    ad.apple.com

... and the Mac OS X Server hostname is:

    server.apple.com

Edit the dNSHostName attribute of the affected Mac OS X Server computer record from:

    server.ad.apple.com

to:

    server.apple.com
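
To confirm the result after the edit, the following added example (not part of the original article or any Apple or Microsoft tooling) lists service principals on the computer record whose host part still differs from the corrected hostname. The function name `Get-StaleSpn`, the computer record name `server`, and the sample SPN values are assumptions made for illustration.

```powershell
# Added example: flag service principals whose host component does not match
# the expected dNSHostName. Get-StaleSpn is a hypothetical helper name.
function Get-StaleSpn {
    param(
        [Parameter(Mandatory)][string]   $DnsHostName,          # expected FQDN
        [Parameter(Mandatory)][string[]] $ServicePrincipalName  # values from the computer record
    )
    $shortName = $DnsHostName.Split('.')[0]
    foreach ($spn in $ServicePrincipalName) {
        # SPN layout: serviceclass/host[:port][/servicename]
        $parts = $spn.Split('/')
        if ($parts.Count -lt 2) { continue }          # no host component to compare
        $spnHost = $parts[1].Split(':')[0]            # drop an optional :port
        # Short-name SPNs (for example HOST/server) carry no DNS suffix.
        if ($spnHost -ieq $shortName) { continue }
        if ($spnHost -ine $DnsHostName) {
            [pscustomobject]@{
                Spn      = $spn
                SpnHost  = $spnHost
                Expected = $DnsHostName
            }
        }
    }
}

# Constructed sample: a record whose SPNs still carry the Active Directory suffix.
$sampleSpns = @(
    'HOST/server',
    'HOST/server.ad.apple.com',
    'afpserver/server.ad.apple.com',
    'cifs/server.apple.com'
)
# Reports the two SPNs that still name server.ad.apple.com.
Get-StaleSpn -DnsHostName 'server.apple.com' -ServicePrincipalName $sampleSpns

# Against a live directory (assumes the RSAT ActiveDirectory module is
# installed and the computer record is named "server"):
# $c = Get-ADComputer -Identity 'server' -Properties dNSHostName, servicePrincipalName
# Get-StaleSpn -DnsHostName 'server.apple.com' -ServicePrincipalName @($c.servicePrincipalName)
```

An empty result against the live record means every host-based service principal already matches the corrected hostname.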

Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.