This section explains how to connect ANQ to Azure Active Directory Domain Services (AD DS).
Azure AD DS provides managed domain services such as Windows Domain Join, Group Policy, LDAP, and Kerberos authentication. You can connect your ANQ to standard Active Directory (on-premises AD or self-managed AD in the cloud) or to Azure AD DS.
-
For information about joining ANQ to standard AD, see Join Your Qumulo Cluster to Active Directory on Qumulo Care.
-
For information about joining Azure AD DS, see the following resources in the Azure AD Domain Services documentation.
To Configure Azure Active Directory Domain Services (AD DS)
-
Create an instance of Azure AD DS by entering the following details.
-
Name: Your domain name. We recommend entering
$DOMAIN.onmicrosoft.com
that the system creates for you. You can also use your own custom domain name that is a routable or non-routable domain suffix. -
VNet: A VNet and a resource group for your Azure DS instance.
-
SKU: Standard
-
Forest: User
After the system completes deploying your managed domain (this takes 1-2 hours), it creates the VNet that you have specified.
-
-
Configure DNS for your managed domain.
-
Log in to the Azure portal and search for
azure active directory domain services
. -
Click your domain.
-
In the Required configuration steps section, under Update DNS server settings for your virtual network, write down the domain controllers (DNS servers) that the managed domain deployment created for you, and then click Configure. For more information, see Update DNS settings for the Azure virtual network in the Azure AD Domain Services documentation.
-
-
(Optional) If the Azure AD DS managed domain VNet is different from the VNet that you used for deploying ANQ, peer the two VNets. For more information, see Configure virtual network peering in the Azure AD Domain Services documentation.
-
Configure the ANQ DNS servers to point to the servers that the managed domain provided for you. For more information, see Custom DNS Configuration on Qumulo Care.
-
To finish configuring your file system to work with Azure AD DS, join your Qumulo cluster to AD.
Note
We recommend giving an administrative role to the user who joins the domain. For newly created users, the system requires a password reset when the user logs in to the Azure portal.
Next Steps
After you deploy your Azure AD DS instance and connect ANQ to it, you can configure SAML SSO for ANQ. For more information, see Configuring SAML Single Sign-On (SSO) for Your Qumulo Cluster in the Qumulo Administrator Guide.