If you are running Mac OS X 10.5, you must unconfigure the local LDAPv3 node before joining to Authentication Services by means of Active Directory. Problems arise with application of machine policy if you do not do this. If you are replacing an existing OpenDirectory or LDAP instance with Active Directory, unconfigure the corresponding LDAP node at this time.
To unconfigure an LDAPv3 node
To graphically join the domain
From this dialog you can also specify a number of optional join arguments before continuing with the join operation. For example, you can specify a specific Active Directory container in which you want to create the new computer object. (By default it is created in the Computers Container). For a detailed explanation of each join option, see the vastool man page located in the docs directory of the installation media.
The join operation may take several seconds, to several minutes depending upon your domain configuration. Domain Join progress is continuously updated as progress proceeds.
To leave the Active Directory Domain, repeat the join steps, except click Leave Domain instead. You do not have to supply Active Directory credentials when unjoining if you do not delete the Active Directory computer object. This option is available in the Leave Domain dialog options.
Use the vastool utility to perform a command line join.
At the command line, enter vastool join to join the Mac OS X system to an Active Directory domain.