Entering Server into Domain
- Go to the tab Users -> Active Directory.
- Click Add.
- Fill in the following fields:
-
- Domain: enter the full domain name (domain DNS name, i.e., domain name, not domain controller). Maximum 64 characters. For example,
mydomain.example - AD DNS server: enter the address of the server that has the role of a DNS server in Active Directory (as a rule, one of the domain controllers), accessible from the local SafeUTM interface.
- SafeUTM server name: enter the server’s name. It can contain only letters (A-z), digits (0-9), and cannot begin or end with a hyphen. Maximum 15 characters.
- Login and password of a user with the right to join the domain: this data is not stored on the server and is used once to join the domain. The user doesn’t have to be the domain admin, but they must have the right to join computers to the domain.
- Domain: enter the full domain name (domain DNS name, i.e., domain name, not domain controller). Maximum 64 characters. For example,
An example of configuring integration with AD can be seen in the screenshot below:
Attention: at least one domain controller must be located in the local SafeUTM network (or be accessible via a local interface using configured routing).
The process of joining the domain after clicking on the corresponding button may take up to one minute.
It is possible to join the server to several Active Directory domains, with some features of work described in the article.
Configuring DNS to Resolve Local Domain Names
In the DNS server settings, in order for the synchronization of users and their authorization to work correctly, it is necessary to configure local domain name resolution on the server. To do so, in the DNS server settings you need to enter the Forward zone and DNS servers for it (as a rule, the main and backup domain controllers).
In SafeUTM the DNS Forward zone is created automatically when the server is entered into the domain, and there is no need to configure it manually. Create it manually only if you mistakenly deleted this zone from the DNS server settings or if you failed to join the server to the domain.
In the example:
- org.com - Active Directory domain name.
- 192.168.150.110 – domain controller IP address.
With this setup, computers can use SafeUTM as the preferred DNS server. At the same time, the resolution of local and internet names will work correctly, also for all services provided by Active Directory.