Domain Join Setup¶
Before moving on to the Domain Join setup phase, please ensure you have reviewed and met the requirements on the Domain Join landing page, completed the steps in the Domain Controller Preparation guide, adjusted the appropriate AWS account permissions using the AWS IAM Permissions guide, and/or configured your DNS settings on Azure (if applicable).
Before we begin the setup process, we will want to verify that our Xi Frame account Sandbox can communicate with the domain controller (DC). Start by logging into the Sandbox of the Xi Frame account you would like to join to the domain.
- First, we need to make sure that communication between your Frame instances and your desired DNS is functioning. From the Sandbox, use either the
pingcommand or the
nslookupcommand (if ping / ICMP is disabled) of the DNS server’s IP address. It’s common that the domain controller is also the DNS server; if that’s the case, we’ll be directly pinging the DC. To do this, we will open up a Command Prompt on our Sandbox and type
ping [ip address]or
nslookup [ip address].
- You should see the name of the server we looked up via IP address. In our example, you can see it returned
supportdc.azuredji.local. Now that we have verified our DNS settings are correct and we are able to resolve the name of the Domain Controller, we can connect our Xi Frame account to our Domain Controller. After closing your Sandbox session, power the Sandbox off from Dashboard.
You can join your Sandbox or Utility server to your domain by logging into either machine and following the standard process of joining a Windows machine to a domain.
- Navigate to the “Settings” page on the sidebar and click on the “Domain Join” tab.
The Domain Join settings section will populate multiple fields requiring information in the formats listed below.
- Domain name: The DNS Domain Name we mentioned earlier in this guide –
- Domain controller IP: The IP address of the Domain Controller –
10.0.0.5or FDQN –
- DNS servers: You can list up to 3 DNS Server IPs in a comma-separated format –
- Service account name: This is the service account we created in the Domain Controller Preparation guide. This must be in UPN format –
email@example.com. Do not use the down-level logon name format (
- Service account password: The password for the service account mentioned above.
- Target OU: This is the distinguished name of the OU which we copied during the Domain Controller preparation –
- Logout local user: If enabled, you will no longer login with the Frame local user credentials, but will be asked to login as a domain user instead.
- VPC CIDR: Do not use this field unless directed to by a Frame Solutions Architect or SRE.
- Once you have correctly entered all of the required information, click “Save” in the upper right corner of the page. A notification will appear displaying the pending request to enable Domain Join.
- The pending request notification will disappear once the process is complete and your Domain Join tab will now display the option to change the service account password as shown below.
- Lastly, go back to your “Systems” page and publish your Sandbox. Once the publish is complete, you will be able to access your Domain Joined instances.
To ensure your production instances are joined to your domain correctly, it is recommended to adjust your first publish to a max of 1 (under your capacity settings) and verify changes before publishing to a larger pool.