Configure an Active Directory provider

You can configure one or more Active Directory providers, each of which must be joined to a separate Active Directory domain. By default, when you configure an Active Directory provider, it is automatically added to the System access zone.

About this task

Consider the following information when you configure an Active Directory provider:
  • When you join Active Directory from OneFS, cluster time is updated from the Active Directory server, as long as an NTP server has not been configured for the cluster.
  • If you migrate users to a new or different Active Directory domain, you must re-set the ACL domain information after you configure the new provider. You can use third-party tools such as Microsoft SubInACL.

Procedure

  1. Click Access > Authentication Providers > Active Directory.
  2. Click Join a domain.
  3. In the Domain Name field, specify the fully qualified Active Directory domain name, which can be resolved to an IPv4 or an IPv6 address.
    The domain name will also be used as the provider name.
  4. In the User field, type the username of an account that is authorized to join the Active Directory domain.
  5. In the Password field, type the password of the user account.
  6. Optional: In the Organizational Unit field, type the name of the organizational unit (OU) to connect to on the Active Directory server. Specify the OU in the format OuName or OuName1/SubName2.
  7. Optional: In the Machine Account field, type the name of the machine account.
    Note: If you specified an OU to connect to, the domain join will fail if the machine account does not reside in the OU.

  8. From the Groupnet list, select the groupnet the authentication provider will reference.
  9. Optional: To enable Active Directory authentication for NFS, select Enable Secure NFS.
    If you enable this setting, OneFS registers NFS service principal names (SPNs) during the domain join.

  10. Optional: In the Advanced Active Directory Settings area, configure the advanced settings that you want to use. It is recommended that you not change any advanced settings without understanding their consequences.
  11. Click Join.