I've just authenticated my first Apple machine onto the active directory infrastructure. Yay!
The only thing I'm having problems with is specifying that the AD user is an administrator, and able to make changes. I don't see any interface for that.
Is there an interface in the system by default, or do I have to download the Server Admin Tools?
For the machine, Directory Services has moved from Utilities (Leopard) to System -> Core Services.
In here you can add specific users/AD groups to admin the machine.
There way to add directory users to the local administrators (or any other local group) of a machine:
Connect to localhost with Workgroup Manager
From the directory drop-down on the top-left, select "Local"
Select the group you want to operate on
Click the members tab of the group
Click the plus button to add a member
At the top of the slide-out list select your directory instead of the local directory
Drag the desired member or group in to the local group
In Leopard, at least, you can only specify groups with local administrative privileges. You can specify "ManagedBy" attributes in AD if you want to enable admin access for particular users.