Joining the D5000 to an Active Directory (AD) Domain.

Introduction:

While the D5000 supports both NAS and iSCSI, many prefer the advantages of NAS in that multiple users can collaborate and work with the same files. The caveat is the NAS requires users. If there are few users, the D5000 supports local user accounts. But corporations usually have a directory service like AD or LDAP that is preferred to used for user authentication. This KB shows how to join the D5000 to an Active Directory Domain.

Prerequisites:

If the D5000 has dual controllers it's a requirement that the management ethernet ports of both controllers be connected to the network. For a single controller D5000, the management ethernet port must be connected to the network.

Domain Password Length limitation:

There is a password length limit of 16 characters in firmware v13.04.0000.16 and earlier. This will be increased to 256 characters the next firmware relase. If you try join a domain with a longer password, it will fail. Please shorten the password to 16 characters or less as a workaround.

Configuration:

First the management port must be given an Internet Protocol (IP) address. A static IP is recommended.

The management IP will be the Floating IP. One controller will own the IP, but if there is a failover the IP will move to the surviving controller. The Static IPs should also be assigned IP addresses in the same subnet as the floating IP. The controllers can be accessed from these IPs if a controller goes into maintenance mode.

Next, the DNS server IP needs to be entered. It's important that the DNS IP be that of the Domain Controller. It will not be possible to join the domain if an external DNS server such as google DNS is used. The DNS is configured from the Global Settings tab in Management Network. It is important that the Default Route radio button be set to the Static IP or the Controller Managemeht IP setting. Do not set a secondary DNS IP.

NOTE: In newer firmware Static IP has been renamed to Controller Management IP.

Lastly, a requirement to join a domain is that the clocks be synchronized. The Windows Server hosting the Domain is usually configured to be an 'ntp' server, and connecting the D5000 to the Domain 'ntp' will keep the clocks synchronized.

The 'ntp' configuration is done from Device > Overview > NTP Setting.

First enable the ntp service, enter the ntp server name or IP and click Save.

Now that the configuration prerequisites are completed, the domain can be joined. Domain credentials will be required. Click Enable in Domain Settings, select Active Directory, enter the Domain Name, select the KDC from the pulldown menu, enter a username with authority to join the domain and that user's password. The Netbios Name will be either the first part of the domain name or the AD server's actual netbios name. Click Save.

Type CONFIRM in the popup window.

The D5000 is now joined to the AD Domain.


Contact Promise Technology Support
Need more help? Save time by starting your support request online and a technical support agent will be assigned to your case.

Promise Technology Technical Support >