Use Active Directory mode to integrate the system into your Active Directory domain.  To apply share-level access permissions settings, users must be imported in the Users tab.



Use the chart near the top of the page to check the current domain status for each device in the account.  

  • Check - Verify the domain join status.  
  • Domain Info - Get the information of the currently joined domain.
  • Join Domain - If the CacheDrive failed to join the domain, click this option to try joining again.
  • Show Errors - If the CacheDrive failed to join the domain, click this option to view the errors.
  • Check All - Verify the domain join status for all CacheDrives.


The other available options are:

  • DNS Realm - The fully qualified domain name of the domain.
  • NetBIOS Domain Name - The NetBIOS name of the domain.
  • Computer OU - The organizational unit to which this device should belong.  If you do not specify the Computer OU, the computer account will be created in the default Computers container.  For format information, please see the OU Format section below.
  • Allow Web Access For - Which users are allowed to access the Team Portal.  The five options are All Domain Users, Users explicitly imported, Users in specified OU, Users in specified groups, and Disallow all users.  By default, all AD users can access the Team Portal using a browser or the Morro Connect app.  Access can be restricted to specific OUs, to specific groups, or to users that are imported into the Morro Data account.
  • Account OU - Works with the option "Users in specified OU" from "Allow Web Access For".  You may specify multiple OUs separated by semicolons (;).
  • Domain Administrator - The domain administrator account.
  • Password - The domain administrator password.
  • Server requires secure connection - If your domain controller runs Windows Server 2023 or a higher version, you may need to install the certificate on the CacheDrive when joining the domain.
    • Allow self-signed certificate - Select this option when you are in a development, testing, or staging environment, the service runs on a private, internal network that is not accessed from the public internet, and you are comfortable with, and can safely manage, browser security exceptions.
    • Install certificate (*1) - Select this option when your service is public-facing (e.g., a website, customer portal), you require standard security that all browsers and users trust automatically, and you want to avoid showing any security warnings to your end users. If you select this option, you need to upload your certificate to the CacheDrive. See the following section for how to upload the certificate.
  • Rejoin - If the join to the domain failed, you can modify the information and click this button to repeat the AD join process.  This can sometimes solve issues with AD integration.
  • Save Credential - If you change the credentials, such as Domain Administrator or Password, click this button to save them. The new credentials will be used when a new CacheDrive joins the domain, and so on.
  • Save Certificate - If you enable the option "Server requires secure connection", use this button to save your certificate.


(*1) How to "Install certificate" to CacheDrive from MCM

MCM requires a public certificate in .crt format. Here is a simple way to export a certificate from the Domain Controller on Windows Server. Adjust the parameters in the commands to match your Windows Server configuration:

  • Open PowerShell as Administrator.
  • List your certificates by the command:  Get-ChildItem Cert:\LocalMachine\My | Select Subject, Thumbprint
  • Export with .crt extension by the command: Export-Certificate -Cert "Cert:\LocalMachine\My\YOUR-THUMBPRINT" -FilePath "C:\your_cert.crt"


After exporting the certificate, you can upload the certificate to the CacheDrives from the Install certificate option. 


MCM only checks the format of the certificate. If the format is invalid, the page shows an error message.
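Because MCM checks only the file format, it is worth inspecting the exported file yourself before uploading it. The following PowerShell is an added example, not Morro Data code; the function name, the 30-day threshold, and the placeholder path and thumbprint are assumptions to replace with your own values.

```powershell
# Added example, not Morro Data code. Path and thumbprint arguments are placeholders.
function Test-ExportedCertificate {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedThumbprint,
        [int]$MinDaysRemaining = 30   # assumed renewal threshold, adjust to your policy
    )
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath
    $now = Get-Date
    # Strip spaces or hidden characters picked up when a thumbprint is copied from a GUI.
    $want = $ExpectedThumbprint -replace '[^0-9A-Fa-f]', ''

    # Collect the enhanced key usages, if the certificate carries that extension.
    $ekus = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekus = @($ext.EnhancedKeyUsages | ForEach-Object { "$($_.FriendlyName) ($($_.Value))" })
        }
    }
    $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)

    [pscustomobject]@{
        Subject          = $cert.Subject
        Issuer           = $cert.Issuer
        Thumbprint       = $cert.Thumbprint
        ThumbprintMatch  = ($cert.Thumbprint -eq $want)        # same certificate you selected?
        SelfIssued       = ($cert.Subject -eq $cert.Issuer)    # subject equals issuer
        HasPrivateKey    = $cert.HasPrivateKey                 # must be False for a public .crt
        NotBefore        = $cert.NotBefore
        NotAfter         = $cert.NotAfter
        InValidityPeriod = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        ExpiresSoon      = ($daysLeft -lt $MinDaysRemaining)
        EnhancedKeyUsage = $ekus -join '; '
    }
}

$report = Test-ExportedCertificate -Path 'C:\your_cert.crt' -ExpectedThumbprint 'YOUR-THUMBPRINT'
$report | Format-List
if (-not $report.ThumbprintMatch -or $report.HasPrivateKey -or -not $report.InValidityPeriod) {
    Write-Warning 'Do not upload this file until the failed check is understood.'
}
```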



OU Format

OUs should be entered from the top level to the bottom, without RDNs, using '/' as the level delimiter.


To enter a top-level OU, simply enter the OU name, e.g. "Computers".


An example of a nested OU: If the top-level OU is "Company", and under "Company" is another OU named "Servers", enter "Company/Servers" in the field.


Leading and trailing whitespace characters are not allowed in OU names (Windows also will not allow this).


If the OU contains a '/' or '\' in the name, it must be prefixed with a '\'.  For example, if the OU name is "slash/slash\slash", then it must be entered as "slash\/slash\\slash".
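The escaping and delimiter rules above can be applied mechanically. The following PowerShell is an added example, not Morro Data code: the function names are hypothetical, and rejecting a '\' that is not followed by '/' or '\' is an assumption, since the page does not say how such input is treated.

```powershell
# Added example, not Morro Data code: build and parse the OU field format described above.
function ConvertTo-OuFieldValue {
    param([Parameter(Mandatory)][string[]]$OuNames)   # ordered from top level to bottom
    $parts = foreach ($name in $OuNames) {
        if ([string]::IsNullOrEmpty($name) -or $name -ne $name.Trim()) {
            throw "OU name '$name' is empty or has leading/trailing whitespace."
        }
        # Escape '\' first so the backslash added in front of '/' is not doubled.
        $name.Replace('\', '\\').Replace('/', '\/')
    }
    $parts -join '/'
}

function ConvertFrom-OuFieldValue {
    param([Parameter(Mandatory)][string]$Value)
    $levels = New-Object System.Collections.Generic.List[string]
    $current = New-Object System.Text.StringBuilder
    for ($i = 0; $i -lt $Value.Length; $i++) {
        $c = $Value[$i]
        if ($c -eq '\') {
            # Assumption: a backslash is only valid as an escape for '/' or '\'.
            $i++
            if ($i -ge $Value.Length -or $Value[$i] -notin '/', '\') {
                throw "Invalid escape at position $($i - 1)."
            }
            [void]$current.Append($Value[$i])
        } elseif ($c -eq '/') {
            # Unescaped '/' ends the current level.
            $levels.Add($current.ToString())
            [void]$current.Clear()
        } else {
            [void]$current.Append($c)
        }
    }
    $levels.Add($current.ToString())
    foreach ($level in $levels) {
        if ($level.Length -eq 0 -or $level -ne $level.Trim()) {
            throw "OU level '$level' is empty or has leading/trailing whitespace."
        }
    }
    ,$levels.ToArray()
}

# Round trip using the OU names from the examples above.
$field = ConvertTo-OuFieldValue -OuNames 'Company', 'slash/slash\slash'
$field
ConvertFrom-OuFieldValue -Value $field
```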


Special characters may not be supported even if they are allowed in Windows.


In some cases, depending on the Windows server locale setting, browser used, and client PC OS used, '/' may be interpreted as another character (for example, we saw the currency symbol for Japanese Yen or Chinese Yuan in one instance).  We recommend avoiding the '/' character when naming OUs.



Notes

  • CacheDrives will get a user's group memberships on login.  If group memberships are modified on the domain controller while the user is logged in, the changes will not take effect for that user until they log in again.  For more information, see the following article:

    Active Directory Group Membership Changes



Troubleshooting

For troubleshooting tips, please see the following article:


Active Directory Join Issues