Release notes
Join a SVM to an Active Directory domain in ONTAP
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
You can join a storage virtual machine (SVM) to an Active Directory domain without deleting the existing SMB server by modifying the domain using the vserver cifs modify command. You can rejoin the current domain or join a new one.
-
The SVM must already have a DNS configuration.
-
The DNS configuration for the SVM must be able to serve the target domain.
The DNS servers must contain the service location records (SRV) for the domain LDAP and domain controller servers.
-
The administrative status of the CIFS server must be set to “down” to proceed with Active Directory domain modification.
-
If the command completes successfully, the administrative status is automatically set to “up”.
-
When joining a domain, this command might take several minutes to complete.
-
Join the SVM to the CIFS server domain:
vserver cifs modify -vserver vserver_name -domain domain_name -status-admin downLearn more about
vserver cifs modifyin the ONTAP command reference. If you need to reconfigure DNS for the new domain, learn more aboutvserver dns modifyin the ONTAP command reference.In order to create an Active Directory machine account for the SMB server, you must supply the name and password of a Windows account with sufficient privileges to add computers to the
ou= example oucontainer within theexample.com domain.Beginning with ONTAP 9.7, your AD administrator can provide you with a URI to a keytab file as an alternative to providing you with a name and password to a privileged Windows account. When you receive the URI, include it in the
-keytab-uriparameter with thevserver cifscommands. -
Verify that the CIFS server is in the desired Active Directory domain:
vserver cifs show
In the following example, the SMB server “CIFSSERVER1” on SVM vs1 joins the example.com domain using keytab authentication:
cluster1::> vserver cifs modify -vserver vs1 -domain example.com -status-admin down -keytab-uri http://admin.example.com/ontap1.keytab
cluster1::> vserver cifs show
Server Status Domain/Workgroup Authentication
Vserver Name Admin Name Style
--------- ----------- --------- ---------------- --------------
vs1 CIFSSERVER1 up EXAMPLE domain
