
AD pass-through for SVM

We are in the beginning stages of converting from VMware to Hyper-V. Reading the best practices, I need to join my data LIFs to AD. At issue is that the current storage VLAN is an isolated network with no routing because it only hosts NFS and iSCSI traffic. We are planning to use SMB for Hyper-V. I have configured AD pass-through in this cluster and it is working to my nodes. There is no AD, DNS or layer 3 on the storage VLAN (VMware and NFS do not have this requirement). Is there a way to create a pass-through for AD to my SVM, or do I need to put a domain controller on this network? cDOT 8.3.1

Re: AD pass-through for SVM

No, pass-through works only for administrative access to the cluster. Just add additional LIFs to the SVM that are able to contact a domain controller. You can also restrict data protocols through these LIFs if this is a security concern.

Re: AD pass-through for SVM

Thank you for the reply, it confirms what I have come to understand about the pass-through, but have been unable to find in print. I like the thought of adding another LIF to join AD, which I do for other SVMs; however, the cDOT Hyper-V documentation specifically states that the DATA LIFs be set up as the CIFS server and the name has to be different than the SVM name. My understanding is that AD can only have one SID per system/machine. Since this is two data ports from the same SVM, if I join the AD domain using the management LIF I cannot join the domain a second time from the DATA LIF, correct? At this point we are looking into this: multi-homing one of the secondary DNS/domain controllers.

Your thoughts?

Re: AD pass-through for SVM

> cDOT Hyper-V documentation specifically states that the DATA LIFs be set up as the CIFS server and the name has to be different than the SVM name

Can you provide a link to the documentation?

> Since this is two data ports from the same SVM, if I join the AD domain using the management LIF I cannot join the domain a second time from the DATA LIF, correct?

You do not join a LIF, you join the SVM. Let's wait until you show the documentation you mentioned.

Re: AD pass-through for SVM

Sure thing, I should have led with that.

https://kb.netapp.com/support/index?page=content&id=1015099

(KB Doc ID 1015099 Version: 7.0 Published date: 02/25/2016)

Re: AD pass-through for SVM

I'm confused. This document says exactly the same - create separate LIF(s) for data and management. So where is your problem? Sorry, I really do not understand.

Re: AD pass-through for SVM

Sorry for the long delay and I appreciate the quick response, I was busy configuring. I think I am all set. I did use the management port to join CIFS. When I read the doc, and the Microsoft consultant read the doc, and the VMware admin read the doc, we all thought that the DATA LIF had to be joined to AD. I used the management LIF to join AD. I do not know if it is an issue, using the management LIF, but that is what I did.

Again thank you for your time and help.