Join Cloud Failover Appliance to Active Directory

  1. Set up DNS so the domain controller can be found by name.

    1. Go to Settings > Networking > DNS.

    2. In the DNS servers boxes, put in the IP address of the domain controller.

    For now, this should be the only DNS server.

  2. Synchronize the clock.

    If the clocks on the CFA and the domain controller differ by more than 5 minutes, they might not be able to negotiate secure communication, and the domain join will fail.

    1. Go to Settings > Basic > Date/Time.

    2. Enter the IP of the Domain Controller.

    3. Click Query Server.

    You might have to refresh the page and log back into the CFA Management Console if this changed the clock by much.

  3. Join the domain.

    1. Go to Settings > Networking > Active Directory.

    2. In the Search For box, enter the name or IP address of the domain controller, and click Find.

      After a few seconds, domain information should populate with some data about the domain.

    3. Click Join.

    4. Enter the username (without the domain, so not domain@user, domain\user, or domain/user, but just user) and the password for a domain account with enough rights to create a machine account and to create an SPN on that account.

      We recommend using a domain administrator account because an account delegated just for creating machine accounts might not be able to create the SPN.

      The dialog should now show the search box and Find button greyed out, and the status line should read Status: Successfully joined to an Active Directory Domain.

The CFA will make a machine account for itself in the domain, and forget the username and password that were used to create that account.

Everything the CFA does with Active Directory from now on will be done with the machine account credentials.
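
The clock step above depends on the domain controller answering a time query and on the two clocks being within 5 minutes of each other. The following is an added example, not part of the CFA product or its documentation: a small SNTP check that can be run from an administrator workstation to confirm the domain controller responds and to measure the offset of the machine it runs on. It assumes the domain controller serves time on UDP port 123; the function names and the sample reply are constructed for illustration, and 192.0.2.10 is a placeholder address.

```python
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
MAX_SKEW_SECONDS = 5 * 60      # limit stated in the clock step of this page

def clock_offset(reply, t_sent, t_received):
    """Server-minus-local offset in seconds, from a 48-byte SNTP reply."""
    if len(reply) < 48:
        raise ValueError("short SNTP reply")
    if reply[0] & 0x07 != 4 or reply[1] == 0:
        raise ValueError("not a usable server reply (wrong mode or stratum 0)")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    t2 = rx_s - NTP_EPOCH_OFFSET + rx_f / 2**32  # server receive time
    t3 = tx_s - NTP_EPOCH_OFFSET + tx_f / 2**32  # server transmit time
    return ((t2 - t_sent) + (t3 - t_received)) / 2

def within_join_limit(offset):
    """True when the skew is no more than the 5 minutes the page allows."""
    return abs(offset) <= MAX_SKEW_SECONDS

def query_offset(server_ip, timeout=3.0):
    """Send one SNTP client request to server_ip and return the offset."""
    request = b"\x23" + 47 * b"\x00"  # LI=0, version 4, mode 3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t_sent = time.time()
        sock.sendto(request, (server_ip, 123))
        reply, _ = sock.recvfrom(512)
        t_received = time.time()
    return clock_offset(reply, t_sent, t_received)

def constructed_reply(server_unix_time):
    """Constructed sample reply (not captured traffic) for offline checks."""
    ntp_s = int(server_unix_time) + NTP_EPOCH_OFFSET
    return bytes([0x24, 1]) + 30 * b"\x00" + struct.pack("!4I", ntp_s, 0, ntp_s, 0)

if __name__ == "__main__":
    local = 1_700_000_000.0  # constructed local clock reading
    for ahead in (120, 400):  # constructed server leads, in seconds
        off = clock_offset(constructed_reply(local + ahead), local, local)
        print(f"offset {off:+.0f}s -> {'ok' if within_join_limit(off) else 'too far apart'}")
    # Against a real server: print(query_offset("192.0.2.10"))  # placeholder IP
```

The result describes the workstation's clock, not the CFA's; the CFA's own clock is still set with Query Server as described in the procedure.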