Configuring Active Directory (CLI)

Use the following procedure to configure Active Directory (AD).

Go to configuration services ad.
```
hostname:> configuration services ad
```

To view an existing configuration, enter show.

hostname:configuration services ad> show
Properties:
                     <status> = online
                         mode = domain
                       domain = eng.test.com
                       server = server-name.example.com
                  diagnostics = (unset)

Children:
                          domain => Join an Active Directory domain
                       workgroup => Join a Windows workgroup

Observe that the appliance is currently operating in the domain eng.test.com.

To join a new domain after the properties are configured, enter the following commands.

When joining an AD domain, you must set the user and password each time you commit the node.

hostname:> configuration services ad
hostname:configuration services ad> domain
hostname:configuration services ad domain> set domain=example.com
hostname:configuration services ad domain> set user=Administrator
hostname:configuration services ad domain> set password=(set)
hostname:configuration services ad domain> commit
hostname:configuration services ad domain> done
hostname:configuration services ad> show
Properties:
                     <status> = online
                         mode = domain
                       domain = example.com
                       server = server-name.example.com
                  diagnostics = (unset)

To configure the site and preferred domain controller in preparation for joining another domain, enter the following commands:

hostname:configuration services ad> done
hostname:> configuration services smb
hostname:configuration services smb> set ads_site=sf
hostname:configuration services smb> set pdc=192.0.2.21
hostname:configuration services smb> commit
hostname:configuration services smb> show
Properties:
                     <status> = online
                 lmauth_level = 4
                          pdc = 192.168.3.21
                     ads_site = sf
hostname:configuration services smb> done

To automatically configure the LDAP service for the currently joined AD domain, perform the following steps:

Ensure the appliance is joined to the appropriate AD domain.

Go to configuration services ad and enter ldap.

hostname:> configuration services ad
hostname:configuration services ad> ldap

Confirm your action to automatically configure LDAP by entering y.

Are you sure you want the system to automatically configure LDAP for this AD domain? y
LDAP has been set up for use with this AD domain;
Please navigate to 'configuration services ldap' to view or customize.

To view the LDAP configuration, go to configuration services ldap and enter command show.

hostname:configuration services ad> cd ..
hostname:configuration services> ldap
hostname:configuration services ldap> show

To customize the LDAP service configuration, go to configuration services ldap and see LDAP Configuration.

hostname:configuration services ad> cd ..
hostname:configuration services> ldap
hostname:configuration services ldap>

To leave the domain mode and join a Windows workgroup, enter the following commands:

hostname:configuration services ad> workgroup
hostname:configuration services ad workgroup> set workgroup=WORKGROUP
hostname:configuration services ad workgroup> commit
hostname:configuration services ad workgroup> done
hostname:configuration services ad> show
Properties:
                     <status> = disabled
                         mode = workgroup
                    workgroup = WORKGROUP