Use Active Directory mode to integrate the system into your Active Directory domain.  To apply share-level access permissions settings, users must be imported in the Users tab.



Use the chart near the top of the page to check the current domain status for each device in the account.  Click Check to verify the domain join status.  Click Domain Info for information on the currently joined domain.


The available options are:

  • DNS Realm - The fully qualified domain name of the domain.
  • NetBIOS Domain Name - The NetBIOS name of the domain.
  • Computer OU - The organizational unit to which this device should belong.  If you do not specify the Computer OU, the computer account will be created in the default Computers container.  For format information, please see the OU Format section below.
  • Allow Web Access For - The users allowed to access the Team Portal.  The three options are All Domain Users, Users explicitly imported, and Users in specified OU.  By default, all AD users can access the Team Portal using a browser or the Morro Connect app.  Access can be restricted by specific OUs or by users that are imported into the Morro Data account.
  • Account OU - Works with the option "Users in specified OU" from "Allow Web Access For".  You may specify multiple OUs separated by semicolons (;).
  • Domain Administrator - The domain administrator account.
  • Password - The domain administrator password.


Use the Rejoin button in the lower right part of the screen to repeat the AD join process.  This can sometimes solve issues with AD integration.



OU Format

OUs should be entered from top level to bottom without RDNs and a '/' as the level delimiter.


To enter a top-level OU, simply enter the OU name, i.e. "Computers".


An example of a nested OU: If the top-level OU is "Company", and under "Company" is another OU named "Servers", enter "Company/Servers" in the field.


Leading and trailing whitespace characters are not allowed in OU names (Windows also will not allow this).


If the OU contains a '/' or '\' in the name, it must be prefixed with a '\'.  For example, if the OU name is "slash/slash\slash", then it must be entered as "slash\/slash\\slash".


In some cases, depending on the Windows server locale setting, browser used, and client PC OS used, '/' may be interpreted as another character (for example, we saw the currency symbol for Japanese Yen or Chinese Yuan in one instance).  We recommend avoiding the '/' character when naming OUs.



Notes

  • CacheDrives will get a user's group memberships on login.  If group memberships are modified on the domain controller while the user is logged in, the changes will not take effect for the particular user until he logs in again.  For more information, see the following article:

    Active Directory Group Membership Changes



Troubleshooting

For troubleshooting tips, please see the following article:


Active Directory Join Issues