Preparing to Join an Array to Active Directory

There are several methods for joining the array to an Active Directory domain, including the following:

Method 1: Provide the username and password for a Domain Administrator or an Account Operator user account

An easy method to join the domain is to use an account with the proper role in an Active Directory. The array does not store the credentials. The credentials are used in a one-time operation to create the necessary Active Directory objects and trigger initial synchronization between the array and the newly created Active Directory credentials.

You can:
  • Provide the credentials for an existing Domain Administrator or Account Operator account while joining the domain.
  • Temporarily assign a new or existing user account to the default "Domain Admins" group or "Account Operators" group.

Method 2: AD administrator creates a machine account that lets you join the domain as a standard user

  1. An Active Directory Domain Admin or Account Operator can create a machine account in Active Directory for the array.

    This account can be under either the Computers OU (Organizational Unit), which is the default, or a custom OU.

  2. Record the account name and its OU.

    You only need to specify the OU if you create a custom one. You do not need to specify it when you use the default OU Computers.

  3. The Active Directory Domain Administrator or Account Operator must edit the machine account and provide write/modify permissions to the standard user account that will be used to join the array to the domain.

Method 3: Set up a dedicated OU where a user or group has the necessary privileges to create or modify array machine accounts

An Active Directory Domain administrator can create an OU specifically for the storage arrays:
  1. In the Active Directory Users and Computers (ADUC) right-click on the OU where the array's machine account will be created.
  2. Select Properties.
  3. From the top level, go to ViewAdvanced Properties.
  4. Select Permissions.
  5. Add the group with write access (or full access) to the OU.
  6. Add the standard user to the group that has access to that OU.