Joining Active Directory

From NAS-Central Buffalo - The Linkstation Wiki
Revision as of 08:21, 15 November 2007 by Joergl2006 (Talk | contribs)

With the LinkStation Pro/TeraStation Pro/TeraStation Pro v2 it is possible to join an Active Directory domain. Hopefully this article helps you get it set up faster.


  1. A machine account for your TeraStation must exist on your domain controller,
  2. this machine account for the TS must be flagged as trusted for delegation,
  3. your DNS server must have the host (A) entry for the TS in the forward lookup zone, and
  4. your reverse lookup zone must contain the PTR record.
  5. Make sure the time of the TeraStation does not differ by more than 10 minutes from the AD server.

If 2) and 4) are not met, the LinkStation Pro/TeraStation Pro/TeraStation Pro II is not allowed to join the ADS as a BDC (backup domain controller), which is the working scheme of the ADS client on the Stations.

If 1-4 are met, the LinkStation Pro/TeraStation Pro/TeraStation Pro II is able to join. In the network setup you only have to enter the NetBIOS name, the fully qualified domain name and the fully qualified PDC name, together with the domain administrator name and password.

The LDAP client on the Station then contacts the PDC (which needs the forward lookup zone entry) and asks for a copy of the existing users. If the account is "trusted for delegation", the TS will receive the answer (which needs the trusted flag and the reverse lookup zone entry). So, if these last settings are missing, the answer will not be sent. About 95% of all ADS issues are located here.

Normal Windows clients in an ADS do not need to be set up this way, since the PDC, the primary domain controller, handles everything on its own. But the TeraStation Pro / Pro II and the LinkStation Pro are a separate case. They use their internal LDAP client to communicate with the PDC. In general, however, the PDC is not contacted by clients, since it is the one and only master. So the PDC must be configured to accept the Station as a unit in the network that is allowed to contact the PDC. This is done by flagging the machine account as "trusted for delegation". The PDC then answers the requests. In addition, the complete forward and reverse DNS communication relies on both entries in the DNS server running on the PDC. Please note that you should also set the primary DNS IP address (in the network IP address setup of the Stations) to this DNS server and not to the gateway/router.

If it still won't work, please check the following:

  1. Please check the internal date/time settings, especially the correct time zone (by default +9 hours). The timestamps of the TS and the PDC may differ by only 5 minutes, otherwise the PDC will reject the Station. There is a good description of the problem caused by the "Time Difference / LDAP Error 82" here: Troubleshooting Replication Errors, Microsoft TechNet.
  2. The primary DNS server IP in the TeraStation network settings must be the IP address of the DNS server running on the PDC.
  3. The IP address of the gateway shall be the real gateway/router or the domain controller.

In general, point 1) is the well-known reason why the Link- or TeraStation still cannot join even if the things named at the top of this page are done properly.
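The DNS and clock prerequisites above can be checked from an admin workstation before attempting the join. The following is an added example, not part of the original wiki page or Buffalo's firmware: the names `preflight` and `MAX_SKEW` are hypothetical, it applies the 5-minute limit from the troubleshooting list, and it expects timezone-aware datetimes that you read from the Station and the PDC yourself.

```python
import socket
from datetime import timedelta, timezone

MAX_SKEW = timedelta(minutes=5)  # assumption: the stricter of the two limits on this page


def _norm(name):
    """Lower-case a host name and drop the trailing dot for comparison."""
    return name.rstrip(".").lower()


def preflight(fqdn, expected_ip, station_time, dc_time,
              resolve=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """Return a list of problems; an empty list means all checks passed.

    resolve/reverse are injectable so the checks can be exercised offline.
    """
    problems = []

    # Forward lookup: the A record must point at the Station.
    try:
        ip = resolve(fqdn)
        if ip != expected_ip:
            problems.append(f"A record for {fqdn} is {ip}, expected {expected_ip}")
    except OSError as exc:
        problems.append(f"no A record for {fqdn}: {exc}")

    # Reverse lookup: the PTR record must map the address back to the same name.
    try:
        ptr_name = reverse(expected_ip)[0]
        if _norm(ptr_name) != _norm(fqdn):
            problems.append(f"PTR for {expected_ip} is {ptr_name}, expected {fqdn}")
    except OSError as exc:
        problems.append(f"no PTR record for {expected_ip}: {exc}")

    # Clock skew, compared in UTC so a wrong time zone shows up as an offset.
    skew = abs(station_time.astimezone(timezone.utc) - dc_time.astimezone(timezone.utc))
    if skew > MAX_SKEW:
        msg = f"clock skew {skew} exceeds {MAX_SKEW}"
        # A skew within a minute of a whole number of hours points at the time zone.
        hours = round(skew.total_seconds() / 3600)
        if hours and abs(skew - timedelta(hours=hours)) < timedelta(minutes=1):
            msg += f" (about {hours} h: check the time-zone setting)"
        problems.append(msg)
    return problems
```

Run it with the DNS server of the PDC configured as the workstation's resolver, so the lookups see the same zones the Station will use.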