
This page describes the migration and current setup of the Active Directory domain at UCC.

The Active Directory domain at UCC will be ad.ucc.gu.uwa.edu.au, and the domain name is UCCDOMAYNE. The primary DNS server for the domain is samson.ucc.gu.uwa.edu.au. The primary DC for the domain is also samson.ucc.gu.uwa.edu.au, and a second DC is samurai.ucc.gu.uwa.edu.au.

Diagnostics

Sometimes group memberships don't seem to be updated; this can often be fixed by clearing the cache:

Upgrade/Setup Process

Domain Controllers

ad.ucc.gu.uwa.edu.au is delegated using separate zones in Mooneye's /etc/bind/named.conf.local

Samson's domain is set up by:

If upgrading from the old NT domain, do:

Otherwise, when adding additional DCs to an existing domain:

For all domain controllers

Windows systems

Just join them to the domain. Doesn't look like you need to create a machine account before joining?

Linux systems

Automatically using realmd

Thanks to realmd, joining machines to the domain is extremely simple.

Manual Method

Based on the instructions from https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member and https://wiki.samba.org/index.php/Authenticating_Domain_Users_Using_PAM.

Before configuring the domain, ensure the following:

Things using LDAP

Anything that needs to bind to LDAP to get a list of users can no longer do so anonymously. Encryption is still required. In AD, create a new bind user for the service called bind-<servicename>, put it in the Service Accounts group, and remove it from the Domain Users group. The service can then bind to the server as this user.
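
One way to check that existing bind users follow this convention, as an added example that is not part of the original wiki page: it audits an LDIF export of the accounts. The container DN, the RID 1105 for Service Accounts and the sample entries are constructed assumptions; the check reads primaryGroupID as well as memberOf because AD does not list a user's primary group (Domain Users by default, RID 513) in memberOf.

```python
DOMAIN_USERS_RID = "513"  # well-known RID of the built-in Domain Users group
SERVICE_RID = "1105"      # hypothetical RID of "Service Accounts" (domain-specific)
BASE = "CN=Users,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au"  # assumed container
# Constructed sample, shaped like ldapsearch LDIF output for three bind users.
SAMPLE = f"""\
dn: CN=bind-wiki,{BASE}
sAMAccountName: bind-wiki
primaryGroupID: {SERVICE_RID}

dn: CN=bind-mail,{BASE}
sAMAccountName: bind-mail
primaryGroupID: 513
memberOf: CN=Service Accounts,{BASE}

dn: CN=bind-old,{BASE}
sAMAccountName: bind-old
primaryGroupID: {SERVICE_RID}
memberOf: CN=Domain Users,{BASE}
"""

def parse_ldif(text):
    """Parse plain-text LDIF into a list of {lowercased attr: [values]} dicts."""
    entries = []
    # Unfold wrapped lines first, then split into blank-line separated records.
    for block in text.replace("\n ", "").strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep and not attr.startswith("#"):
                entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return [e for e in entries if e]

def audit(entries, service_rid=SERVICE_RID):
    """Flag bind-* users breaking the convention; memberOf omits the primary group."""
    findings = {}
    for e in entries:
        name = e.get("samaccountname", [""])[0]
        if not name.lower().startswith("bind-"):
            continue
        groups = {dn.split(",", 1)[0].lower() for dn in e.get("memberof", [])}
        primary = e.get("primarygroupid", [""])[0]
        problems = []
        if "cn=service accounts" not in groups and primary != service_rid:
            problems.append("not in Service Accounts")
        if "cn=domain users" in groups or primary == DOMAIN_USERS_RID:
            problems.append("still in Domain Users")
        if problems:
            findings[name] = problems
    return findings
```

Base64-encoded values (`attr:: ...`) are ignored by this parser, so export with plain-text attributes when running it on real data.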

Converted systems

Unconverted systems

uccwiki: OldActiveDirectory (last edited 2019-07-16 18:23:36 by frekk)