Configuring the Active Directory Domain for File Storage

The file storage service in Oracle Private Cloud Appliance enables users of Microsoft Windows instances to map a network drive, or mount a network share. Both the NFS and SMB protocols are supported, but for SMB it is required that the Microsoft Windows instances and Private Cloud Appliance belong to the same Active Directory domain. This section provides instructions to set up the Active Directory domain in the Service Enclave.

Using the Service Web UI

  1. Verify that DNS is configured on the appliance.

    1. In the navigation menu, click Network Environment.

    2. In the Network Environment Information detail page, select the DNS Servers tab and make sure that DNS servers are configured.

    DNS is required because, during domain configuration, the system searches for a matching SRV record in order to locate the controllers of the Active Directory domain.

  2. In the navigation menu, click Active Directory Domain.

  3. Verify that no Active Directory domain is currently configured. The configuration details should show "Status = disabled" and "Domain = Not Available".

  4. Click Edit to change the Active Directory domain configuration.

  5. In the Active Directory Domain Setting window, enter these parameters:

    • the name of the Active Directory domain the appliance is meant to join

    • a user name and password that enable the appliance to join the domain

    • optionally, an organizational unit

  6. Click Submit to apply the new configuration.

  7. Verify that the Active Directory is configured correctly. The configuration details should show "Status = online" and the newly configured domain name should appear in the Domain field.

  8. To remove the ZFS Storage Appliance from the Active Directory domain again, you must use the Service CLI as documented below. Refer to the final step in the Service CLI instructions.

Using the Service CLI

  1. Gather the information that you need to run the command:

    • the name of the Active Directory domain the appliance is meant to join

    • an account (user name and password) with authorization to join the Active Directory domain

  2. Verify that DNS is configured on the appliance. During domain configuration, the system searches for a matching SRV record in order to locate the controllers of the Active Directory domain.

    PCA-ADMIN> show NetworkConfig
    Command: show NetworkConfig
    Status: Success
    Time: 2021-12-17 12:20:51,238 UTC
    Data:
      Uplink Port Speed = 100
      Uplink Port Count = 2
      Uplink Vlan Mtu = 9216
    [...]
      DNS Address1 = 192.0.2.201
      DNS Address2 = 192.0.2.202
      DNS Address3 = 10.25.0.101
      Management Node1 Hostname = mypca-mn1
      Management Node2 Hostname = mypca-mn2
      Management Node3 Hostname = mypca-mn3
    [...]
      Network Config Lifecycle State = ACTIVE

  3. Verify that no Active Directory domain is currently configured.

    PCA-ADMIN> show ZFSAdDomain
    Command: show ZFSAdDomain
    Status: Success
    Time: 2021-12-17 12:17:42,734 UTC
    Data:
      Status = disabled
      Mode = workgroup
      Service href = /api/service/v2/services/ad
      Domain href = /api/service/v2/services/ad/domain
      Workgroup href = /api/service/v2/services/ad/workgroup
      PasswordSet = false
      Preexist = false
      Workgroup = WORKGROUP

  4. Configure the Active Directory domain by entering the name of the domain, and a user name and password that enable the appliance to join the domain.

    PCA-ADMIN> configZFSAdDomain domain=ad.example.com user=Administrator password=************
    Command: configZFSAdDomain domain=ad.example.com user=Administrator password=*****
    Status: Success
    Time: 2021-12-17 12:24:25,333 UTC
    JobId: 7e6abf2d-9f6a-4c32-8f18-5142f6eda3c5

  5. Use the job ID to check the status of your command.

    When the job has completed successfully, verify the Active Directory zone configuration and status.

    PCA-ADMIN> show ZFSAdDomain
    Command: show ZFSAdDomain
    Status: Success
    Time: 2021-12-17 12:35:04,944 UTC
    Data:
      Status = online
      Mode = domain
      Service href = /api/service/v2/services/ad
      Domain href = /api/service/v2/services/ad/domain
      Workgroup href = /api/service/v2/services/ad/workgroup
      PasswordSet = false
      Preexist = false

  6. To remove the ZFS Storage Appliance from the Active Directory domain again, set its configuration back to workgroup mode.

    PCA-ADMIN> configZFSAdWorkgroup workgroupName=WORKGROUP
    Command: configZFSAdWorkgroup workgroupName=WORKGROUP
    Status: Success
    Time: 2022-08-31 07:47:38,916 UTC
    JobId: 1329e43a-3ed6-4588-b90b-a45506271df8
    
    PCA-ADMIN> show zfsAdDomain
    Command: show zfsAdDomain
    Status: Success
    Time: 2022-08-31 07:48:07,837 UTC
    Data:
      Status = disabled
      Mode = workgroup
      Service href = /api/service/v2/services/ad
      Domain href = /api/service/v2/services/ad/domain
      Workgroup href = /api/service/v2/services/ad/workgroup
      PasswordSet = false
      Preexist = false
      Workgroup = WORKGROUP
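
The DNS and domain-state checks from the Service CLI steps above, as an added example that is not part of the original documentation: it parses captured `show NetworkConfig` and `show ZFSAdDomain` output and reads the domain state from the `Data` section rather than from the command-level `Status: Success`. The function names and the sample text are constructed for illustration.

```python
# Added example: pre- and post-join checks over captured Service CLI output.
# Sample text is constructed, modelled on the output shown on this page.
NET = ("Command: show NetworkConfig\nStatus: Success\nData:\n"
       "  DNS Address1 = 192.0.2.201\n  DNS Address2 = 192.0.2.202\n"
       "  Network Config Lifecycle State = ACTIVE\n")
AD_BEFORE = "Command: show ZFSAdDomain\nStatus: Success\nData:\n  Status = disabled\n  Mode = workgroup\n"
AD_AFTER = "Command: show ZFSAdDomain\nStatus: Success\nData:\n  Status = online\n  Mode = domain\n"

def parse_cli(text):
    """Return (header, data): 'Key: value' lines before 'Data:', 'Key = value' lines after."""
    header, data, in_data = {}, {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Data:":
            in_data = True
        elif in_data and " = " in line:
            key, value = line.split(" = ", 1)
            data[key.strip()] = value.strip()
        elif not in_data and ": " in line:
            key, value = line.split(": ", 1)
            header[key.strip()] = value.strip()
    return header, data

def dns_servers(net_text):
    """List the configured DNS addresses; empty if the command failed or none are set."""
    header, data = parse_cli(net_text)
    if header.get("Status") != "Success":
        return []
    return [v for k, v in sorted(data.items()) if k.startswith("DNS Address") and v]

def ad_state(ad_text):
    """Domain (Status, Mode) from the Data section, or None if the command itself failed."""
    header, data = parse_cli(ad_text)
    if header.get("Status") != "Success":
        return None
    return data.get("Status"), data.get("Mode")

def ready_to_join(net_text, ad_text):
    """Steps 2 and 3: DNS is configured and no domain is currently joined."""
    return bool(dns_servers(net_text)) and ad_state(ad_text) == ("disabled", "workgroup")

def joined(ad_text):
    """Step 5: the appliance reports the domain as online."""
    return ad_state(ad_text) == ("online", "domain")

if __name__ == "__main__":
    print(dns_servers(NET), ready_to_join(NET, AD_BEFORE), joined(AD_AFTER))
```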