Guidelines for Working with Arrays and Active Directory

You can join an array to an Active Directory domain. The following list includes some guidelines to consider when working with arrays and Active Directory.

  • When you add an Active Directory user to a group that is authorized to log into the array, you must use the same username and password with the array that you use with all other AD-connected systems in the environment.
  • Disabling a user's Active Directory account also disables that user's access to the storage environment.
  • Joining an array to a domain creates an Active Directory account for the array on Active Directory. The default Organizational Unit (OU) for the account is Computers. You can create the account under a different OU.
  • The default name of the computer account is the first 15 characters of the array group name. You can specify a different computer name if you choose.

    If you use the default name, you must make sure that the first 15 characters of the array group name do not conflict with any other array group name that is in Active Directory. If you duplicate a group name, Active Directory removes the first version of the group name so that the new group name can join Active Directory. Consequently, the group with the duplicated name will not be able to log into the array even though it joined Active Directory first.

    Example:
    1. group-array-xxxx1 was the first group to join the Active Directory domain ZZZ. The default AD machine account name for the array is group-array-xxx because the group name truncates after the first 15 characters.
    2. group-array-xxxx2 was the second group to join the Active Directory domain ZZZ but the default AD machine account name would also be group-array-xxx because the group name truncates after the first 15 characters.
    3. Upon joining the AD domain, group-array-xxxx2 replaces the AD machine account from group-array-xxxx1 with an account for group-array-xxxx2. Group users are no longer able to log into group-array-xxxx1, although they can now log into group-array-xxxx2, which joined later.
  • Avoid using special characters in OU and Group names. If you use special characters, they must be preceded by a single backlash, and the entire argument must be inside either single quotation marks (') or double quotation marks ("). For a list of special characters, refer to the Reserved Characters table in Distinguished Names.
  • Active Directory administrators can create an account for the array in any OU and then can give storage administrators the privilege to join the domain.
  • After an array has joined a domain, you can enable and disable Active Directory authentication without leaving the domain.