AD Forest Tips and FAQs

Yes. In order to do this, you need to re-authenticate to the ADS. Configure using the "advanced ADS" option for AD authentication. See Apply AD Authentication with Advanced Options. You will need to exclude the domain using the AD Domains to exclude (Default = '') option.

Note: Entries in green are the unique values to enter for this example.

  1. Log in to the Appliance Controller CLI.
  2. Enter: 

    auth config ads nasadmin dc1

  3. Enter the ID mapping option to use (in this example, we pressed <Enter> to accept the default).

    4. ID mapping to use: qtm_guid, rfc2307, rid, or tdb (Default = qtm_guid):

  4. Enter yes to configure with advanced options: 

    Do you want to configure advanced options (yes/No)? yes

  5. Enter the domain or domains (by adding a comma between domains) to exclude: 

    AD Domains to exclude (Default = ''): DOM1, DOM2

  6. Enter the AD organizational unit (in this example, we pressed <Enter> to accept the default): 

    AD Organizational Unit (Default = 'Computers'):

  7. Enter the AD machine account (in this example, we pressed <Enter> to accept the default): 

    AD Machine Account (Default = NAS233):

  8. Enter yes to allow trusted domains (we excluded the two domains earlier): 

    Allow Trusted Domains (Default = 'no'): yes

  9. Enter the user account password: 

    Please enter the password for user nasadmin:

 

ADS authentication limits user access to the domain that it's bound to. If users from other AD domains need to connect to NAS shares that are in another AD domain that is part of the same AD Forest, configure the "advanced ADS" option for AD authentication. See Apply AD Authentication with Advanced Options.

Note: The entry in green is the unique value to enter for this example.

  1. Log in to the Appliance Controller CLI.
  2. Enter: 

    auth config ads nasadmin dc1

  3. Enter the ID mapping option to use (in this example, we pressed <Enter> to accept the default).

    4. ID mapping to use: qtm_guid, rfc2307, rid, or tdb (Default = qtm_guid):

  4. Enter yes to configure with advanced options: 

    Do you want to configure advanced options (yes/No)? yes

  5. Enter the domain or domains (in this example, we pressed <Enter> to accept the default, since we aren't excluding any): 

    AD Domains to exclude (Default = ''):

  6. Enter the AD organizational unit (in this example, we pressed <Enter> to accept the default): 

    AD Organizational Unit (Default = 'Computers'):

  7. Enter the AD machine account (in this example, we pressed <Enter> to accept the default): 

    AD Machine Account (Default = NAS233):

  8. Enter yes to allow trusted domains: 

    Allow Trusted Domains (Default = 'no'): yes

  9. Enter the user account password: 

    Please enter the password for user nasadmin: