When you register the first Active Directory domain for your node, one auxiliary domain-bind account is required in the configuration. Having at least one auxiliary domain-bind account prevents the situation of locking out your administrator users from the Administration Console if the primary bind account becomes inaccessible in the Active Directory domain. You can optionally configure additional auxiliary bind accounts for the Active Directory domains that are registered with your nodes. Then if both the primary and first auxiliary bind accounts configured for the domain become inaccessible, the system uses the next auxiliary bind account to connect to the Active Directory domain.

Prerequisites

Verify that the Active Directory domain is registered to the node by navigating to Settings > Active Directory and seeing if the domain is listed on that page.

Verify that you have the user name and password information for the following accounts that are already configured in the Administration Console for the domain, because the user interface requires you confirm the existing passwords when performing this task:

  • Password for the already configured bind account

  • Password for the domain join account already configured in the user interface

Verify that you have the user name and password information for the bind account you are adding. Adhere to the following guidelines:

  • The account password cannot expire, change, or be locked out.

Caution:

Ensure that your domain-bind account meets the stated criteria, especially that the account password cannot expire, change, or be locked out. You must use this account configuration because the system uses this account as a service account to query Active Directory.

Procedure

  1. In the Administration Console, click Settings > Active Directory.
  2. Click the Active Directory domain for which you want to add the auxiliary bind account.
  3. Click Edit next to the displayed domain bind settings.
  4. In the Edit Active Directory dialog box, entering the password for the primary bind account.

    Entering the password here makes the Domain Bind button available to click to save the changes.

  5. Expand the advanced properties and click Add Auxiliary Bind Account.

    A section for the auxiliary account information is added to the dialog box.

  6. Type the account credentials.
  7. Click Domain Bind.
  8. In any subsequent windows that appear, confirm the existing settings by clicking Save in each window.

    If the Domain Join window appears, type the password of the domain-join account before clicking Save.

Results

The auxiliary bind account is available for the system to use if the primary an auxiliary bind accounts become inaccessible.

You can add multiple auxiliary bind accounts by repeating the steps. To change an auxiliary bind account's password or to remove it, use the corresponding links displayed in the Edit Active Directory window's advanced properties area.