In order to create an Active Directory machine account, you must supply the name and password of a Windows account with sufficient privileges to add computers to the "CN=Computers" container within the "mydomain.com" domain.
Enter the user name:administrator [This is the administrator privileged account at the AD server]
Enter the password:
2. Verify the AD configuration [Also log in to the AD server and verify the entry for “vs1” in the machines’ list for the configured domain]
Cluster-1_2::> vserver active-directory show
Vserver     Name          Name
----------- ------------- ------------
vs1         VS1           mydomain
3. Create the user account for the SVM. Note that the user name must be in the format <domainname>\<username>.
For the administrative SVM (cserver), a domain tunnel (tunnel Vserver) must be created first. This establishes an authentication gateway, or "tunnel", for authenticating user accounts against Active Directory, which enables login to the administrative SVM.
Identify an existing data Vserver (SVM), or create a new one, that is configured with the AD server as explained in PART 1 (Data SVM workflow). This is the SVM that will be specified in the subsequent tunnel command. The tunnel SVM must be running, or the command returns an error. Only one SVM can be used as a tunnel; if you attempt to specify more than one SVM, the system returns an error. If the tunnel Vserver is stopped or destroyed, user authentication requests for the administrative SVM will fail.
The following example shows the commands needed to create the login user “user_ad_ssh” for the administrative SVM “Cluster-1_2”. In this example, the SVM created in PART 1 above is repurposed as the tunnel SVM for the administrative SVM.