Active Directory Prep
From FreeNAS using Active Directory Wiki
Revision as of 02:49, 25 April 2014 by Mauirixxx (talk | contribs) (added Windows time server info.)
- Create a DNS "A" record
- Create a FreeNAS user specifically for joining the FreeNAS server to the domain, named freenasAdmin
- Create a non-expiring password for user freenasAdmin
- Create a computer account in preparation for joining the FreeNAS server to the domain. The name should match the "A" record you created earlier.
- Before clicking OK to finalize the computer account creation, click "Change" and assign the previously created user "freenasAdmin" the ability to join the server to the domain
- NOTE: Normal users in Active Directory CAN join computers to a domain, but there's a predefined limit of to how many times (it's 10) this can happen - this may not apply to Server 2008 and above, needs verification
- Before clicking OK to finalize the computer account creation, click "Change" and assign the previously created user "freenasAdmin" the ability to join the server to the domain
- Afterwards, right click on the "freenas" computer object, and select Properties, then click on the Security tab, and give the freenasAdmin user "Full Control" and click OK.
- NOTE: If you don't see the security tab, you need to switch your view to "Advanced Features" - you can see where HERE.
- Verify the accuracy of your server's clock - since every computer joined in the domain will be using the DC as a time server as well, it needs to be accurate.
- From a CMD prompt, type w32tm /query /configuration - if NtpServer shows time.windows.com - you should really think about changing it.
- To change the time server to both use a more accurate clock, and redundant clocks, type the following:
- w32tm /config /syncfromflags:manual /manualpeerlist:"0.us.pool.ntp.org,0x1 1.us.pool.ntp.org,0x1 2.us.pool.ntp.org,0x1" /update /reliable:yes
- If you got any result other then "The command completed successfully", verify your command line. View an example successful result HERE.
- Restart the Windows time service by issuing both net stop w32time & net start w32time commands. View an example successful restart HERE.