Your organization might require Active Directory-style authentication and authorization to support an enterprise application. The enterprise application can be any third-party service that integrates with Active Directory.
The DSfW integration with NSS for AD lets you access data on NSSAD volumes as a DSfW user by taking benefit of the single sign-on capability through Kerberos authentication.
The OES server can join any DSfW domain allowing users on DSfW to access AD enabled NSS volumes over the SMB protocol. DSfW users are considered same as AD users which enables them to take advantage of single sign-on through Kerberos authentication. The NSS for AD management tools, such as NURM and NFARM, can be used by DSfW administrators and users to manage file system trustees, rights, quotas, salvage and purge. DSfW environments can also take advantage of Dynamic Storage Technology (DST) and Distributed File System (DFS). Users of Active Directory domains and forests having bi-directional trust with DSfW domain can access the NSS volume.
Overall, OES server with NSS AD configured can join AD or DSfW domain and users of cross forest AD or DSfW domain can seamlessly access NSS volumes over the SMB protocol.
Below are some of the best practices for such deployments