This situation creates a single point of failure; replicas will process authentication and other requests if a master fails, but updates other than password changes can't be made until the master is restored or replaced by promoting a replica. It has also traditionally had the potential to reduce performance because all replicas must update their information from a single source -- the master.

To some extent, this is changing with Leopard Server, which provides for two-tiered or cascading replication. This is when first-level replicas receive updates from the master, and a second level of replicas can update from the first-level replicas (referred to as relays when two-tiered replication is in use). This relieves some of the replication performance issues, but doesn't address the fact that the master remains the single point of modification for most accounts and records. As a result, in enterprise deployments, Active Directory still supports more complex replication topologies than Leopard Server.

Other ways Active Directory is more flexible includes the concept of forests, a method for grouping multiple Active Directory domains, each with its own namespace and set of accounts for users, groups and computers, and trusts, which allow accounts in one domain to access to resources in another domain. The ability to establish relationships among domains allows accounts in one domain to access resources managed by a different domain within the organization's infrastructure. This allows for a great deal of flexibility within a larger enterprise network.

Leopard Server offers some multidomain capabilities, particularly by introducing cross-domain authorization to let a single Open Directory domain to be subordinate to another domain in either Active Directory or Open Directory. It remains to be seen, though, just how much more flexible this will make Open directory when compared with Active Directory.

Despite the historic benefits of Active Directory, Leopard Server's Open Directory is still very viable for larger multisite infrastructures where Mac OS X Server had previously not been an optimal choice. It includes the ability to host a Windows NT-style domain, seamlessly responding to requests from Windows clients with the master server acting as a PDC and replicas acting as BDCs. Leopard Server also provides a great deal of dual-platform client support, including the ability to host roaming profiles.

It's not perfect, however. Active Directory provides little built-in support for Mac clients. However, Apple's use of Samba and LDAP means that Mac OS X can authenticate against Active Directory.

File and print services

Both server operating systems provide file sharing and print services. In a default installation, Windows Server support is limited to SMB/CIFS file sharing aimed at Windows clients, though optional installs of Services for Mac and Services for Unix provide support for other client types. Mac OS X Server, by contrast, includes full support for sharing over Apple's native AFP, SMB for Windows clients and NFS for Unix/Linux clients. Leopard Server also supports secure NFS access via Kerberos. File Transfer Protocol access is also included as a file service in Mac OS X Server, though it is somewhat difficult to consider it in same ballpark as the other three.

Configuring file services is arguably easier under Mac OS X Server. Certainly, the built-in support for multiple file- and print-sharing protocols gives Mac OS X Server a leg up in multiplatform environments. The support for all three protocols is much more streamlined and intuitive to manage than is relying on Microsoft's Services for Mac and Services for Unix under Windows Server.

In particular, Services for Mac has never been well-regarded, and there are multiple third-party AFP servers that deliver better Mac configuration options and performance for Windows Server. Extremez IP is the best-known of these third-party tools. In a number of situations, it can simply be easier to rely on Mac OS X's built-in SMB client than to rely on Windows' Services for Mac.