Steps to join the CFA to an Active Directory Domain

Setup DNS so the domain controller can be found with DNS


System > Settings > DNS, and in the DNS servers boxes, put in the IP address of the Domain Controller. For now, this should be the only DNS server.

Synchronize the clock


If there is more that 5 minutes difference in the time between the CFA and the domain controller, they might not be able to negotiate a secure communication, and domain joining will fail.
System > Settings > Time, and enter the IP of the Domain Controller. Click Query Server. You might have to refresh the page and log back into the webui if this changed the clock by much.

Join the domain


System > Settings > Active Directory. In the Search For field enter the name or IP address of the domain controller, and click find. After a few seconds, domain information should populate with some data about the domain.
Click join. Enter the username (without domain, so not like domain@user, domain\user or domain/user, but just user), and password for an account on the domain with enough rights to create a machine account, and create an SPN on that account. We recommend using a domain administrator account because an account delegated just for creating machine accounts might not be able to create the SPN. The dialog should now have the search box and find button greyed out, and should say on the status line "Status: Successfully joined to an Active Directory Domain". The CFA will make a machine account for itself in the domain, and forget the username and password that was used to create that account. Everything the CFA does with AD from now on will be done with the machine account credentials.