If you use an Active Directory (AD) account to mount a Server Message Block (SMB) file system on a Windows server, you can control access to the files and directories of the file system. This topic describes how to join a Windows server to an AD domain.

Step 1: Set the DNS server address

Before you join the Windows server to the AD domain, you must specify a Domain Name System (DNS) server address to store the DNS records of the AD domain controller. In most cases, the AD domain controller is also the DNS server. Therefore, you must set the DNS server address to the IP address of the AD domain controller. We recommend that you set the DNS server address to the private IP address of the Elastic Compute Service (ECS) instance that serves as the AD domain controller. This applies if the Windows server and the AD domain controller are both ECS instances in Alibaba Cloud and reside in the same virtual private cloud (VPC).

In this example, Windows Server 2012 is used. To set the DNS server address, perform the following steps:

  1. Choose Control Panel > Network and Internet > Network and Sharing Center in the Start menu.
  2. In the View your active networks section of the Network and Sharing Center dialog box, click Ethernet.
  3. In the Ethernet Status dialog box, click Properties.
  4. In the This connection uses the following items section of the Ethernet Properties dialog box, select Internet Protocol Version 4 (TCP/IPv4), and click Properties.
  5. On the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, select Use the following DNS server addresses and set the DNS server address to the IP address of the AD domain controller.SMB_ACl_DNS
  6. Use the Command Prompt tool to ping the IP address to verify the connectivity of the AD domain controller.
    SMB ACL001
Note

After you set the DNS server address, you can run the following command on the Command Prompt of the Windows server: net use z: \\nas-mount-target.nas.aliyuncs.com\myshare /user:MYDOMAIN.com\USERNAME PASSWORD. This command mounts an SMB file system to the Windows server by using the AD account.

Step 2: Join the Windows server to the AD domain

In this example, Windows Server 2012 is used. To join the Windows server to the AD domain, perform the following steps:

  1. Choose Control Panel > System and Security > System from the Start menu.
  2. In the Computer name, domain, and workgroup settings section of the System dialog box, click Change settings.
  3. On the Computer Name tab of the System Properties page, click Change.
  4. In the Member of section of the Computer Name/Domain Changes dialog box, enter the information of the AD domain. Click OK to compete the settings as prompted.SMB_ACl_AD_Domain
  5. Restart the Windows server to apply the settings.
    Note

    After you set the DNS server address, you can run the following command on the Command Prompt of the Windows server: net use z: \\nas-mount-target.nas.aliyuncs.com\myshare. /user:MYDOMAIN.com\USERNAME does not include in the command. This command mounts an SMB file system to the Windows server by using the AD account.