search cancel

Steps to join a Windows Domain

book

Article ID: 166420

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

This article describes how to join a Windows domain. 

Note: This procedure applies to SGOS 6.6.x and later. 

Resolution

Complete the following steps:

 

Integrate the ProxySG Appliance into the Windows Domain

To integrate the ProxySG appliance into one or more Windows domains, you must complete the following tasks:

  1. Synchronize the ProxySG Appliances and Domain Controllers Clocks 
  • The ProxySG appliance cannot join a Windows domain unless its internal clock is in sync with the Domain Controller. To ensure that the clocks are synchronized with the Domain Controller clock, use either of the following techniques:
    • Configure the ProxySG appliances to use the Domain Controller as the NTP source server
    • The ProxySG appliance NTP configuration options are located on the Configuration > General > Clock tab.
  1. Join the ProxySG Appliance to the Windows Domain
  • After you have synchronized the ProxySG appliance’s internal clock with the Domain Controller, you can join the appliance to one or more Windows domains as follows:
    • From the ProxySG Management Console, select Configuration > Authentication > Windows Domain > Windows Domain.
    •  In the Hostname panel, specify the hostname to use:
      • (Recommended) Select Use Default - {SG-serial_number} to use the default hostname.
      • Select or specify a different hostname.
        • Note: Unless you have a specific need to use a particular hostname (for example, to ensure correct DNS lookup), Symantec recommends that you use the default hostname to guarantee that each appliance’s hostname is unique. In addition, you must use unique hostnames for multiple ProxySG appliances joined to the same domain.
    • Click Apply
    • Click Add New Domain. The Add Windows Domain dialog displays.
    • Enter a Domain name alias and then click OK.
    • To save the domain alias setting, click Apply and then click OK. You will not be able to join the domain until you have saved the domain alias setting.
    • Select the domain Name you created and click Join. The Add Windows Domain dialog displays.
    • Configure the domain membership information:
      • In the DNS Domain Name field, enter the DNS name for the Windows Active Directory domain. This is not the fully qualified domain name of the ProxySG appliance
        • Note: The ProxySG appliance must be able to resolve the DNS domain name you supply for the Active Directory domain or the appliance will not be able to join the domain. If DNS resolution fails, check your DNS configuration.
      • Enter the primary domain access User Name. You can either enter the plain user name (for example, sg-admin) or use the [email protected] format ([email protected]). This account must have sufficient rights for joining the domain.
      •  Enter the Password for this user.
      • Click OK. The appliance displays a message indicating that the domain was successfully joined and the value in the Joined field changes to Yes.
    • If you want ProxySG to join to additional Windows domains, repeat the above steps.

    • Click Apply to save your changes. 

 

Note: When the ProxySG first joins a domain, it creates a machine account in Domain/Computer. The domain user account must have the privilege to create and modify ProxySG machine account in AD. Once the ProxySG joined the domain, it discards the domain user account and uses ProxySG machine account for subsequent communications. The ProxySG's machine account is the Hostname defined in Management Console > Authentication > Windows Domain > Hostname. The ProxySG changes its machine account password every fifteen days.