active directory #9

  • By cloudbaseit
  • Latest version (#9)
  • win2012, win2012r2, win2016
  • Stable

Description

Active Directory (AD) is a directory service that Microsoft developed
for Windows domain networks. It authenticates and authorizes all users
and computers in a Windows domain type network, assigning and enforcing
security policies for all computers and installing or updating software.

Overview

This charm deploys a Windows Active Directory forest. Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks and is included in most Windows Server operating systems as a set of processes and services.

An Active Directory deployment is a core component for various Windows failover, clustering or live migration scenarios. Hyper-V, Cinder, Exchange, SMB, Failover-Cluster, Microsoft SQL Server Always On or VDI charms use Active Directory for centralized user, authentication, network and resource management.

As Active Directory uses Lightweight Directory Access Protocol (LDAP) versions 2 and 3, Kerberos and DNS protocols, it can easily interact with Unix-based services.

Configuration

In order to deploy the Active Directory charm, the following configuration options are mandatory:

  • administrator-password, used to set the default Administrator password;
  • safe-mode-password, used to set the password for the Administrator account when the computer is started in Safe Mode or a variant of Safe Mode, such as "Directory Services Restore Mode";
  • domain-user, the name of the default domain user that the charm will create. This user will also be granted administrative privileges;
  • domain-user-password, the password for the domain-user;
  • domain-name, the fully qualified domain name.

Usage

How to deploy the charm:

juju deploy cs:~cloudbaseit/active-directory
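Before running the deploy command, the mandatory options from the Configuration section can be checked locally so that a weak password does not fail the domain installation or a later promotion. The POSIX shell script below is an added example, not part of the charm; it assumes a juju --config YAML file keyed by the application name and a simplified reading of the Microsoft complexity rule the charm links (at least three of four character classes, no account name in the password, and an assumed 7-character minimum).

```shell
# Added example, not part of the charm: check the mandatory options locally before `juju deploy`.

# Simplified reading of the linked Microsoft complexity rule (assumption): the password must not
# contain the account name and must use at least three of the four classes upper/lower/digit/other.
# The 7-character floor is also an assumption (the Default Domain Policy minimum length).
password_is_complex() {
  pw=$1 account=$2 classes=0
  [ ${#pw} -ge 7 ] || return 1
  case "$(printf '%s' "$pw" | tr 'A-Z' 'a-z')" in
    *"$(printf '%s' "$account" | tr 'A-Z' 'a-z')"*) return 1 ;;
  esac
  printf '%s' "$pw" | grep -q '[A-Z]'        && classes=$((classes + 1))
  printf '%s' "$pw" | grep -q '[a-z]'        && classes=$((classes + 1))
  printf '%s' "$pw" | grep -q '[0-9]'        && classes=$((classes + 1))
  printf '%s' "$pw" | grep -q '[^A-Za-z0-9]' && classes=$((classes + 1))
  [ "$classes" -ge 3 ]
}

# The options the Configuration section lists as mandatory.
MANDATORY="administrator-password safe-mode-password domain-user domain-user-password domain-name"
# Read the value of "  key: value" from a juju --config YAML file (first match wins).
cfg_get() { sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1; }

# 0 when every mandatory key is set, all three passwords are complex and domain-name is <netbios>.<suffix>.
check_ad_config() {
  f=$1
  for k in $MANDATORY; do
    [ -n "$(cfg_get "$f" "$k")" ] || { echo "missing option: $k" >&2; return 1; }
  done
  password_is_complex "$(cfg_get "$f" administrator-password)" Administrator || return 1
  password_is_complex "$(cfg_get "$f" safe-mode-password)" Administrator || return 1
  password_is_complex "$(cfg_get "$f" domain-user-password)" "$(cfg_get "$f" domain-user)" || return 1
  case "$(cfg_get "$f" domain-name)" in
    *.*) return 0 ;;
    *) echo "domain-name must be <netbios domain name>.<domain-suffix>" >&2; return 1 ;;
  esac
}

# Constructed sample config with placeholder secrets (not real credentials), keyed by application name.
SAMPLE=${TMPDIR:-/tmp}/ad-config.$$.yaml
cat >"$SAMPLE" <<'EOF'
active-directory:
  administrator-password: Adm1n-Placeholder!
  safe-mode-password: Dsrm-Placeholder-2!
  domain-user: jujuadmin
  domain-user-password: JujuUs3r-Placeholder!
  domain-name: cloudbase.local
EOF
check_ad_config "$SAMPLE" && echo "juju deploy cs:~cloudbaseit/active-directory --config $SAMPLE"
```

The printed command passes the checked file to juju deploy with --config; the sample file is left in place so it can be inspected or edited.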

How to add a relation with another charm:

juju add-relation active-directory <another_deployed_charm>

Scale out usage

If another unit is added, another Domain Controller instance will be deployed.

How to add another unit:

juju add-unit active-directory

Scale down usage

When a unit is destroyed, an Active Directory controller is demoted and the node will be destroyed.

How to destroy a unit:

juju destroy-unit active-directory/<unit-number>

Configuration

administrator-password
(string) The password for the default local administrator user. If set to an empty value, the default local administrator password will not be changed. This can be the case for various providers like AWS, where the default local administrator user password is already set. In the case that the provider does not set a strong password for the default local administrator, make sure to specify a strong password. A strong password for the default local administrator is a requirement for Active Directory Domain installation. To enable scaling, a strong password must be provided, as it is needed to promote an active directory node to an active directory controller. The value must conform to the password requirements described at: https://technet.microsoft.com/en-us/library/cc786468(v=ws.10).aspx
open-all-active-directory-ports
(boolean) The Active Directory Controllers have, by default, WinRM, RDP, LDAP(S), DNS and Kerberos ports opened. When set to True, the other Active Directory ports specified by Microsoft will be opened: https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
domain-user-password
(string) The password for the default domain user. This value is required. This value must conform to the password requirements described at: https://technet.microsoft.com/en-us/library/cc786468(v=ws.10).aspx
ca-common-name
(string) The common name used for the AD certificate authority set up by the charm.
Default: cloudbase
domain-name
(string) The Active Directory fully qualified domain name. This value is required for the Active Directory installation. The format of the domain name must be <netbios domain name>.<domain-suffix>. If this value is changed after the domain install, no changes will be performed.
Default: cloudbase.local
enable-san-certificates
(boolean) Boolean option to indicate whether SAN certificates are enabled or not for the AD certificate authority.
change-hostname
(boolean) The hostname set inside the newly spawned machine is usually the same as the name of the instance being spawned. In cases where the instance name is longer than 15 characters (the maximum length of a Windows NetBIOS name), the instance name is truncated to the first 15 characters. This creates a problem, as hostnames are very important in Active Directory: having more than one machine with the same hostname try to join the same domain will create trust issues. This option changes the hostname of the running system to a combination of the first 14 (or fewer, depending on how many digits the unit number has) characters of the charm name and the unit number. While this is not infallible, it has less of a chance of creating hostname conflicts.
domain-user
(string) The default domain user that will be exposed by the Active Directory charm relation. It can be used by the charms that are in relation to connect to the Active Directory domain, as only a domain user has the rights to join a machine to that domain. This value is required for the Active Directory installation.
Default: jujuadmin
safe-mode-password
(string) The safe mode password for the Active Directory. A strong safe mode password is a requirement for Active Directory Domain installation. The value must conform to the password requirements described at: https://technet.microsoft.com/en-us/library/cc786468(v=ws.10).aspx