Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1402173.1
Update Date:2012-06-26
Keywords:

Solution Type  Technical Instruction Sure

Solution  1402173.1 :   Sun Storage 7000 Unified Storage System: Admin user privileges required to join the ZFSSA to an Active Directory Domain  


Related Items
  • Sun Storage 7310 Unified Storage System
  •  
  • Sun Storage 7410 Unified Storage System
  •  
  • Sun ZFS Storage 7120
  •  
  • Sun Storage 7110 Unified Storage System
  •  
  • Sun ZFS Storage 7420
  •  
  • Sun ZFS Storage 7320
  •  
  • Sun Storage 7210 Unified Storage System
  •  
Related Categories
  • PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
  •  
  • .Old GCS Categories>Sun Microsystems>Storage - Disk>Unified Storage
  •  




In this Document
Goal
Fix
References


Created from <SR 3-3740498461>

Applies to:

Sun Storage 7310 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7110 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7120 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7410 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
7000 Appliance OS (Fishworks)

Goal

This document details the privileges required for the administrative user account used to join the ZFS Storage Appliance to an Active Directory Domain.

To discuss this information further with Oracle experts and industry peers, we encourage you to review, join or start a discussion in the My Oracle Support Community - 7000 Series ZFS Appliances

Fix

For the final step of joining the ZFSSA to an Active Directory Domain, accessed via Configuration / Services / Active Directory / Join Domain in the ZFSSA administration tools, an administrative account and password are prompted for.

The requirements for this account are a bit more stringent than they are to join a Windows server to the domain. One of the following sets of requirements must be met:

  • User account is a member of the global group Domain Admins in the target AD Domain.
  • User account has been granted full control to an AD container. If this container is in any other location than the standard "Computers" Organizational Unit, a computer account for the ZFSSA must be created in this location prior to the attempt to join the AD Domain (i.e. pre-staged).
  • A computer account must be created prior to the attempt to join the AD Domain (i.e. pre-staged). The user must be explicitly granted the right to join the account to the Domain in the computer account properties. The user must also be explicitly granted the special permissions Write userPrincipalName and Write userAccountControl

 

Back to <Document 1402353.1> Sun Storage 7000 Unified Storage System: How to Troubleshoot Active Directory Issues.

References

<NOTE:1402353.1> - Sun Storage 7000 Unified Storage System: How to Troubleshoot Active Directory Issues

Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.
 Feedback