All Products
Search
Document Center

Cloud Storage Gateway:Join a file gateway to an AD domain

Last Updated:Jun 20, 2026

Join your file gateway to an Active Directory (AD) domain so that domain users can access Server Message Block (SMB) shares with their AD credentials.

Prerequisites

Important

You can authenticate using either AD domain users or local users, but not simultaneously. When you join or leave an AD domain, all existing user permissions for the Common Internet File System (CIFS) share are automatically deleted.

Join a file gateway to an AD domain

  1. Select an AD server that is in the same VPC as your file gateway.

  2. Configure the security group for the ECS instance that hosts your AD server. Add and configure inbound rules as follows: set the authorization policy to Allow, the priority to 1, and the source to the IP address of your Cloud Storage Gateway, for example, 172.16.0.155. The rules must allow access over both TCP and UDP for the following AD-related ports: 389 (LDAP), 445 (SMB), 88 (Kerberos), and 53 (DNS). This requires a total of eight rules.

  3. Keep your existing DNS server configuration, and add the IP address of your AD server as the first entry in the list of DNS servers. For instructions, see Configure DNS.

  4. Join the file gateway to the AD domain. For instructions, see Join an AD domain.