Configuring Active Directory (CLI)

Use the following procedure to configure Active Directory (AD).
  1. Go to configuration services ad.
    hostname:> configuration services ad
  2. To view an existing configuration, enter show.
    hostname:configuration services ad> show
    Properties:
                         <status> = online
                             mode = domain
                           domain = eng.test.com
                           server = server-name.example.com
                      diagnostics = (unset)
    
    Children:
                              domain => Join an Active Directory domain
                           workgroup => Join a Windows workgroup

    Observe that the appliance is currently operating in the domain eng.test.com.

  3. To join a new domain after the properties are configured, enter the following commands.

    When joining an AD domain, you must set the user and password each time you commit the node.

    hostname:> configuration services ad
    hostname:configuration services ad> domain
    hostname:configuration services ad domain> set domain=example.com
    hostname:configuration services ad domain> set user=Administrator
    hostname:configuration services ad domain> set password=(set)
    hostname:configuration services ad domain> commit
    hostname:configuration services ad domain> done
    hostname:configuration services ad> show
    Properties:
                         <status> = online
                             mode = domain
                           domain = example.com
                           server = server-name.example.com
                      diagnostics = (unset)
  4. To configure the site and preferred domain controller in preparation for joining another domain, enter the following commands:
    hostname:configuration services ad> done
    hostname:> configuration services smb
    hostname:configuration services smb> set ads_site=sf
    hostname:configuration services smb> set pdc=192.0.2.21
    hostname:configuration services smb> commit
    hostname:configuration services smb> show
    Properties:
                         <status> = online
                     lmauth_level = 4
                              pdc = 192.0.2.21
                         ads_site = sf
    hostname:configuration services smb> done
  5. To automatically configure the LDAP service for the currently joined AD domain, perform the following steps:
    1. Ensure the appliance is joined to the appropriate AD domain.
    2. Go to configuration services ad and enter ldap.
      hostname:> configuration services ad
      hostname:configuration services ad> ldap
    3. Confirm your action to automatically configure LDAP by entering y.
      Are you sure you want the system to automatically configure LDAP for this AD domain? y
      LDAP has been set up for use with this AD domain;
      Please navigate to 'configuration services ldap' to view or customize.
    4. To view the LDAP configuration, go to configuration services ldap and enter show.
      hostname:configuration services ad> cd ..
      hostname:configuration services> ldap
      hostname:configuration services ldap> show
    5. To customize the LDAP service configuration, go to configuration services ldap and see LDAP Configuration.
      hostname:configuration services ad> cd ..
      hostname:configuration services> ldap
      hostname:configuration services ldap>
  6. To leave domain mode, join a Windows workgroup, and clear the LDAP configuration that was set for the current domain, enter the following commands:
    hostname:configuration services ad> workgroup
    hostname:configuration services ad workgroup> set workgroup=WORKGROUP
    hostname:configuration services ad workgroup> set unconfig_ldap=true
    hostname:configuration services ad workgroup> commit
    hostname:configuration services ad workgroup> show
    Properties:
                        workgroup = WORKGROUP
                    unconfig_ldap = true
    hostname:configuration services ad workgroup> done
    hostname:configuration services ad> show
    Properties:
                         <status> = disabled
                             mode = workgroup
                        workgroup = WORKGROUP
    Rules for setting property unconfig_ldap:
    • When LDAP has been configured with AD and the appliance is leaving the current AD domain, set this property to true to leave the AD domain permanently and to clear the LDAP configuration. After the LDAP service is unconfigured, it is automatically disabled.

    • Set this property to false if LDAP has been configured with AD and you want to later rejoin the current AD domain and retain the AD LDAP configuration.

    • This property cannot be changed from false when the LDAP service is not configured. Additionally, this property cannot be changed from false, and the LDAP configuration remains intact, when:

      • The appliance is not changing from domain mode to workgroup mode.

      • LDAP is configured for a different AD domain, not the current domain.

      • LDAP is configured for UNIX LDAP.
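
The show output in steps 3, 4, and 6 is the check that a committed value actually took effect. The following Python script is an added example, not part of the appliance or its documentation: it reads a saved CLI session and reports any property whose show value differs from the value that was set and committed for the same service. The function name audit_transcript and the sample session are constructed for illustration, and the parser assumes the prompt and Properties layout shown in this procedure.

```python
import re

# Prompt lines look like "hostname:configuration services smb> set pdc=192.0.2.21".
PROMPT = re.compile(r"^[\w.-]+:(?P<ctx>[^>]*)>\s*(?P<cmd>.*)$")
# Property lines look like "pdc = 192.0.2.21"; "=>" marks a child node, not a property.
PROP = re.compile(r"^(?P<key><?\w+>?)\s*=(?!>)\s*(?P<val>.*)$")

def audit_transcript(text):
    """Return (service, property, committed_value, shown_value) for each mismatch."""
    staged, committed, mismatches = {}, {}, []
    service, in_show = None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = PROMPT.match(line)
        if m:
            parts = m.group("ctx").split()
            # Child contexts ("ad domain") are audited against the parent service ("ad").
            is_svc = parts[:2] == ["configuration", "services"] and len(parts) > 2
            service = parts[2] if is_svc else None
            cmd = m.group("cmd").strip()
            in_show = cmd == "show"
            if cmd.startswith("set ") and "=" in cmd and service:
                key, val = cmd[4:].split("=", 1)
                staged.setdefault(service, {})[key.strip()] = val.strip()
            elif cmd == "commit" and service:
                # Only committed values are expected to appear in later show output.
                committed.setdefault(service, {}).update(staged.pop(service, {}))
            continue
        p = PROP.match(line) if in_show else None
        if p and p.group("key") in committed.get(service, {}):
            want, got = committed[service][p.group("key")], p.group("val").strip()
            if want != got:
                mismatches.append((service, p.group("key"), want, got))
    return mismatches

# Constructed session capture for illustration (not appliance output from this page).
SAMPLE = """\
hostname:> configuration services smb
hostname:configuration services smb> set ads_site=sf
hostname:configuration services smb> set pdc=192.0.2.21
hostname:configuration services smb> commit
hostname:configuration services smb> show
Properties:
                     <status> = online
                          pdc = 192.0.2.50
                     ads_site = sf
hostname:configuration services smb> done
"""

if __name__ == "__main__":
    for svc, key, want, got in audit_transcript(SAMPLE):
        print(f"{svc}: {key} committed as {want!r} but show reports {got!r}")
```

Properties that show does not display, such as user and password in the domain join, are skipped because there is nothing to compare them against.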