Active Directory Prep
From FreeNAS using Active Directory Wiki
Contents
Before we start
- There is little difference in the Active Directory setup between Window Server 2003 & R2, 2008 & R2, and 2012 & R2. Have not tested Server 2016 yet, but I assume it will be similar as well.
- We used a virtualized setup in order to create this walkthrough, using generic domain & computer names where possible.
- We used the private IP address range of 10.10.10.x - obviously you'll want to replace our internal IP addresses with your own
- We used a single Active Directory domain controller, to keep things simple. We then configured the following network settings, which is reflected throughout this document:
- Gateway: 10.10.10.1
- DNS: 10.10.10.3
- NTP: 10.10.10.3
- DC (Domain Controller): 10.10.10.3
- FreeNAS: 10.10.10.4
- We used a single Active Directory domain controller, to keep things simple. We then configured the following network settings, which is reflected throughout this document:
DNS Prep
- Create a DNS "A" record
Adding a FreeNAS user
- Create a FreeNAS user specifically for joining the FreeNAS server to the domain, named freenasAdmin
- Create a non-expiring password for user freenasAdmin
Pre-creating FreeNAS computer object in AD
- Create a computer account in preparation for joining the FreeNAS server to the domain. The name should match the "A" record you created earlier.
- Before clicking OK to finalize the computer account creation, click "Change" and assign the previously created user "freenasAdmin" the ability to join the server to the domain
- NOTE: Normal users in Active Directory CAN join computers to a domain, but there's a predefined limit of to how many times (it's 10) this can happen - this may not apply to Server 2008 and above, needs verification
- Before clicking OK to finalize the computer account creation, click "Change" and assign the previously created user "freenasAdmin" the ability to join the server to the domain
- Afterwards, right click on the "freenas" computer object, and select Properties, then click on the Security tab, and give the freenasAdmin user "Full Control" and click OK.
- NOTE: If you don't see the security tab, you need to switch your view to "Advanced Features" - you can see where HERE.
- Verify the accuracy of your server's clock - since every computer joined in the domain will be using the DC as a time server as well, it needs to be accurate.
NTP server prep
- From a CMD prompt, type w32tm /query /configuration - if NtpServer shows time.windows.com - you should really think about changing it.
- To change the time server to both use a more accurate clock, and redundant clocks, type the following:
- w32tm /config /syncfromflags:manual /manualpeerlist:"0.us.pool.ntp.org,0x1 1.us.pool.ntp.org,0x1 2.us.pool.ntp.org,0x1" /update /reliable:yes
- If you got any result other then "The command completed successfully", verify your command line. View an example successful result HERE.
- Restart the Windows time service by issuing the following command net stop w32time && net start w32time. View an example successful restart HERE.
- To change the time server to both use a more accurate clock, and redundant clocks, type the following:
FreeNAS setup
- If everything went ok, move on to FreeNAS setup
