I have a single label domain name that is the same as the name of the Forest. Try finding any information about the problems of a single label domain. I'll just say that the problems are numerous, vexing, and undocumented.
I don't know how much of the following is critical for the connection to AD, but I've worked so long and hard to get this working that I don't want to turn them off and on to try to break it. And given other posts about unpredictable behavior, turning them off and on may not even tell me which ones are necessary.
Read on for the configuration...
System Preferences > Network:
  Configure IPv4: Using DHCP
  Search Domains: DC=[my domain]

Directory Access:
  Services enabled: Active Directory, AppleTalk, LDAPv3, SLP, SMB/CIFS

  SMB/CIFS Configuration:
    Workgroup: [my domain]
    WINS Server: [IP of my WINS Server]

  LDAPv3 Configuration:
    Location: Automatic
    Yes - Add DHCP-supplied LDAP servers to automatic search policies
    I also have my LDAP server configured in the window below, but I disabled it and everything seems to still be working.

  Active Directory Configuration:
    Active Directory Forest: - Automatic -
    Active Directory Domain: [my domain]
    Computer ID: [unique label for computer]
    Advanced > Administrative:
      Yes - Prefer this domain server: [my domain controller].[my domain]. (note the last period, may be important)
      Yes - Allow administration by: domain admins, enterprise admins
      Yes - Allow authentication from any domain in the forest
Now here's the trick: When you click [Bind...] and give it a Username with the correct credentials and the correct password, leave the COMPUTER OU: field blank!
I don't know why this works, but it does. I can unbind and re-bind my Mac to my heart's content, but if that field is populated I get errors.
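The same bind settings expressed as dsconfigad calls, as an added example that is not part of the original hint. It assumes the legacy dsconfigad option syntax of the Mac OS X release this hint targets (confirm with man dsconfigad), every value is a constructed placeholder, and it only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: command-line form of the Directory Access bind settings.
# All values below are constructed placeholders; replace them with your own.
DOMAIN="example"                 # single-label AD domain (placeholder)
COMPUTER_ID="mac-lab-01"         # Computer ID (placeholder)
BIND_USER="binduser"             # account allowed to join computers (placeholder)
PREFERRED_DC="dc01.example."     # preferred domain server, trailing period kept
ADMIN_GROUPS="domain admins,enterprise admins"
COMPUTER_OU=""                   # left blank, as in the hint

# Print the arguments for the bind step, one per line.
# -ou is emitted only when an OU was supplied. -p is never emitted, so
# dsconfigad prompts for the password and it stays out of the process list
# and the shell history.
bind_args() {    # usage: bind_args computer_id domain user [ou]
    printf '%s\n' -f -a "$1" -domain "$2" -u "$3"
    if [ -n "${4:-}" ]; then
        printf '%s\n' -ou "$4"
    fi
}

# Print the arguments for the "Advanced > Administrative" options.
admin_args() {   # usage: admin_args preferred_dc admin_groups
    printf '%s\n' -preferred "$1" -groups "$2" -alldomains enable
}

# Read one argument per line from stdin, then either run dsconfigad
# (DRY_RUN=0, as root on the Mac) or print the command (the default).
run_dsconfigad() {
    set --
    while IFS= read -r line; do set -- "$@" "$line"; done
    if [ "${DRY_RUN:-1}" = "0" ]; then
        dsconfigad "$@"
    else
        printf 'dsconfigad'; printf " '%s'" "$@"; printf '\n'
    fi
}

# Bind first, then apply the administrative options in a second call.
bind_args "$COMPUTER_ID" "$DOMAIN" "$BIND_USER" "$COMPUTER_OU" | run_dsconfigad
admin_args "$PREFERRED_DC" "$ADMIN_GROUPS" | run_dsconfigad
```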
Mac OS X Hints
http://hints.macworld.com/article.php?story=20060310075328878