Register untrusted Active Directory domains

Contributors netapp-soumikd

You should register the Active Directory with SnapCenter Server to manage hosts, users, and groups from multiple untrusted Active Directory domains.

What you will need

LDAP and LDAPS protocols

  • You can register untrusted Active Directory domains using either the LDAP or the LDAPS protocol.

  • You should have enabled bidirectional communication between the plug-in hosts and the SnapCenter Server.

  • DNS resolution should be set up from the SnapCenter Server to the plug-in hosts and vice-versa.

LDAP protocol

  • The fully qualified domain name (FQDN) should be resolvable from SnapCenter Server.

    You can register an untrusted domain with the FQDN. If the FQDN is not resolvable from the SnapCenter Server, you can register with a domain controller IP address, which should be resolvable from the SnapCenter Server.

LDAPS protocol

  • CA certificates are required for LDAPS to provide end-to-end encryption during the Active Directory communication.

  • Domain controller host names (DCHostName) should be reachable from SnapCenter Server.
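
A pre-flight check for the prerequisites above, as an added example (not NetApp code), to run in PowerShell on the SnapCenter Server before registering the domain. It assumes placeholder domain and domain controller names, the standard LDAP and LDAPS ports (389 and 636), and that the CA certificate is already in the server's trusted certificate store.

```powershell
# Added example. Domain and DC names are constructed placeholders.
$DomainFqdn  = 'corp.example.com'
$DcHostNames = @('dc01.corp.example.com', 'dc02.corp.example.com')

function Test-DnsName {
    param([string]$Name)
    try { return ([System.Net.Dns]::GetHostAddresses($Name).Length -gt 0) }
    catch { return $false }
}

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = [System.Net.Sockets.TcpClient]::new()
    try { return ($client.ConnectAsync($HostName, $Port).Wait($TimeoutMs) -and $client.Connected) }
    catch { return $false }
    finally { $client.Dispose() }
}

function Test-LdapsCertificate {
    # Default validation: the chain must build to a CA in the machine trust store
    # (assumed to hold the CA certificate) and the name must match $HostName.
    param([string]$HostName, [int]$Port = 636)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $client.Connect($HostName, $Port)
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)   # throws if the certificate is not trusted
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        return "trusted; issuer=$($cert.Issuer); expires=$($cert.NotAfter.ToString('u'))"
    }
    catch { return "FAILED: $($_.Exception.GetBaseException().Message)" }
    finally { $client.Dispose() }
}

# One row for the domain FQDN (DNS only), then one row per domain controller.
$results = @([pscustomobject]@{ Target = $DomainFqdn; DnsResolves = (Test-DnsName $DomainFqdn); Ldap389 = $null; Ldaps636 = $null })
foreach ($dc in $DcHostNames) {
    $results += [pscustomobject]@{
        Target      = $dc
        DnsResolves = (Test-DnsName $dc)
        Ldap389     = (Test-TcpPort $dc 389)
        Ldaps636    = (Test-LdapsCertificate $dc)
    }
}
$results | Format-Table -AutoSize -Wrap
```

A `FAILED` value in the Ldaps636 column that mentions the certificate chain or a name mismatch points to a missing CA certificate or a domain controller name that does not match its certificate, rather than a network problem.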

About this task

  • You can use the SnapCenter user interface, PowerShell cmdlets, or the REST API to register an untrusted domain.

Steps

  1. In the left navigation pane, click Settings.

  2. In the Settings page, click Global Settings.

  3. In the Global Settings page, click Domain Settings.

  4. Click the add icon to register a new domain.

  5. In the Register New Domain page, select either LDAP or LDAPS.

    1. If you select LDAP, specify the information that is required for registering the untrusted domain for LDAP:

      | For this field… | Do this… |
      |---|---|
      | Domain Name | Specify the NetBIOS name for the domain. |
      | Domain FQDN | Specify the FQDN and click Resolve. |
      | Domain controller IP addresses | If the domain FQDN is not resolvable from the SnapCenter Server, specify one or more domain controller IP addresses. |

    2. If you select LDAPS, specify the information that is required for registering the untrusted domain for LDAPS:

      | For this field… | Do this… |
      |---|---|
      | Domain Name | Specify the NetBIOS name for the domain. |
      | Domain FQDN | Specify the FQDN. |
      | Domain controller Names | Specify one or more domain controller names and click Resolve. |
      | Domain controller IP addresses | If the domain controller names are not resolvable from SnapCenter Server, you should rectify the DNS resolution. |

  6. Click OK.