Comparing any Mac OS release with Windows is often like comparing aphids and orangutans. That is particularly true when looking at Apple's Mac OS X Leopard Server and Microsoft's Windows 2003 Server. Although they ultimately provide very similar features -- directory services, file and print services, various Internet services, and so forth -- the two platforms seem to be designed from completely different mind-sets.

An excellent example of this is the two companies' vastly different approaches to software licensing. Windows Server is available in around half a dozen different variations, each with different pricing and feature sets aimed at specific environments. By contrast, there is only a single version of Mac OS X Server that makes all features available to anyone who buys it.

Also, Mac OS X Server comes with only two license variations, a 10-client version and an unlimited client version. Leopard Server doesn't add the complication (or expense) of client access licensing. This is when administrators must buy licenses for each user or device that connects to the server, as well as a license to install and run the server operating system itself. Windows requires client access licensing.

Although the 10-client version of Leopard Server simply will not respond to more than 10 file-sharing clients at a time, other services are not actually restricted to 10 clients, according to Apple's specs. Costs aside, this makes licensing of Mac OS X Server far simpler and more predictable than Windows Server.

Despite their differences, the systems have a number of underlying similarities. Both Microsoft's Active Directory and Apple's Open Directory rely on a customized Lightweight Directory Access Protocol (LDAP) database as a repository for directory services, and both use Kerberos for secure authentication. Both Active Directory's Group Policies and Apple's Managed Preferences allow administrators to secure workstations and predefine many settings of the user experience of the operating system and applications.

Both also allow for replication of their directory services among multiple servers to boost fault tolerance and performance, particularly in organizations with multiple work sites connected by slow network links or with many users and workstations within individual sites.

Both offer file and printer sharing that can support multiple protocols, including the Windows native SMB/CIFS (Server Message Block/Common Internet File System), Mac native AFP (Apple Filing Protocol) and the Unix NFS (Network File System). Apple's support is somewhat easier to implement because options for all three protocols are automatically installed with the server operating system rather than being components that require additional installation. And both offer Web, e-mail, calendaring and other collaborative tools.

Major features

Directory Services and account management

Thanks to their reliance on LDAP and Kerberos, both systems have unique schemas that can be extended. Although Apple relies primarily on LDAP for authentication queries, Windows Active Directory clients natively prefer the proprietary ADSI (Active Directory Service Interface) protocol, though Active Directory supports LDAP as well. Both systems provide for secure authentication, and one can integrate Active Directory with Open Directory in a single network environment. In this integrated scenario, servers and clients of both systems can rely on a single directory services environment for authentication and management, or they can be part of a more complex environment combining multiple directory systems.

Active Directory is, however, more robust in some aspects. Although both systems support directory server replication, Active Directory traditionally sports better replication options. As one example, each domain controller can accept changes to records and accounts that are then propagated to all the others. Open Directory has always functioned in a single master server with many replicas, similar to the Windows NT primary domain controller (PDC) and backup domain controller (BDC) model, in which changes other than password updates must be made on the master and then copied to each replica.