
Active Directory Screen


Last Modified 2022-08-15 13:43 -0400

The Active Directory (AD) service shares resources in a Windows network environment. Go to Directory Services > Active Directory to set up AD on TrueNAS. The first Active Directory screen is a list of basic options.

[Screenshot: Active Directory screen]

Basic Options

[Screenshot: Active Directory screen, basic options]

Domain Name: Enter the Active Directory domain (example.com) or child domain (sales.example.com). Required field.

Domain Account Name: Enter the Active Directory administrator account name. Required field.

Domain Account Password: Enter the password for the Active Directory administrator account. Required when configuring a domain for the first time. After initial configuration, the password is not needed to edit, start, or stop the service.

Enable (requires password or Kerberos principal): Enable the Active Directory service. You must enter the Domain Account Password when selecting this option for the first time.

Click ADVANCED OPTIONS to access extra options shown below.

Click REBUILD DIRECTORY SERVICE CACHE to resync the cache if it becomes out of sync, or if fewer users than expected are available or visible in the permissions editors.

Advanced Options

[Screenshot: Active Directory screen, advanced options]

Verbose logging: Select to log attempts to join the domain to /var/log/messages.

Allow Trusted Domains: Select to not include a domain name in user names. Leave the checkbox clear to force domain names to prepend to user names. One possible reason for not setting this value is to prevent user name collisions when Allow Trusted Domains is selected and there are identical user names in more than one domain.

Use Default Domain: Leave the checkbox clear to prepend the domain name to the user name. Leaving it clear prevents name collisions when Allow Trusted Domains is set and multiple domains use the same user name.

Allow DNS Updates: Select to enable Samba to perform DNS updates when joining a domain.

Disable FreeNAS Cache: Select to disable caching of AD users and groups. This can help when the system is unable to bind to a domain with a large number of users or groups.

Restrict PAM: Select to restrict SSH access in certain circumstances. When selected, only members of BUILTIN\Administrators have SSH access.

Site Name: Enter the relative distinguished name of the site object in the Active Directory.

Kerberos Realm: Select an existing realm added in Directory Services > Kerberos Realms.

Kerberos Principal: Select the location of the principal in the keytab. The keytab is created in Directory Services > Kerberos Keytabs.

Computer Account OU: The organizational unit where new computer accounts get created. OU strings read from top to bottom without RDNs. Use slashes (/) as delimiters, like Computers/Servers/NAS. Use the backslash (\) to escape characters, but not as a separator. Backslash interpretation takes place at many levels, so backslashes might need doubling or even quadrupling to take effect. When left blank, new computer accounts get created in the Active Directory default OU.

AD Timeout: Number of seconds before a timeout. To view the AD connection status, open the interface Task Manager.

DNS Timeout: Number of seconds before a timeout. Increase this value if AD DNS queries time out.

Winbind NSS Info: Select the schema to use when querying AD for user/group info from the dropdown list. rfc2307 uses the schema support included in Windows 2003 R2. sfu is for Services for UNIX 3.0 or 3.5. sfu20 is for Services for UNIX 2.0.

NetBIOS Name: The NetBIOS name of this NAS is truenas. This name must differ from the Workgroup name and be no greater than 15 characters.

NetBIOS alias: Alternative names that SMB clients can use when connecting to this NAS. Each alias can be no greater than 15 characters.

LEAVE DOMAIN: Disconnects the TrueNAS system from the Active Directory.
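The Computer Account OU and NetBIOS rows above state rules (top-down slash-delimited OU paths with backslash escapes, 15-character NetBIOS limits, name distinct from the workgroup) that are easy to get wrong before a join. The following added example, which is not TrueNAS or Samba code, checks those rules and shows how a top-down OU path maps to the leaf-first LDAP distinguished name the domain controller actually sees; the function names are hypothetical.

```python
import re

NETBIOS_MAX = 15  # limit stated on the page for NetBIOS names and aliases

def split_ou_path(path: str) -> list[str]:
    """Split a top-down OU path like 'Computers/Servers/NAS' on unescaped '/';
    a backslash escapes the next char, so 'R\\/D/Labs' -> ['R/D', 'Labs']."""
    parts, buf, i = [], [], 0
    while i < len(path):
        ch = path[i]
        if ch == "\\":  # escape: take the next character literally
            i += 1
            if i == len(path):
                raise ValueError("dangling backslash in OU path")
            buf.append(path[i])
        elif ch == "/":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    if any(p == "" for p in parts):
        raise ValueError(f"empty OU component in {path!r}")
    return parts

def _dn_escape(value: str) -> str:
    """Escape RFC 4514 special characters in one DN attribute value."""
    out = re.sub(r'([\\,+"<>;=])', r"\\\1", value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):
        out = out[:-1] + "\\ "
    return out

def ou_path_to_dn(path: str, domain: str) -> str:
    """LDAP DNs are leaf-first, so the page's top-down path is reversed."""
    rdns = ["OU=" + _dn_escape(p) for p in reversed(split_ou_path(path))]
    dcs = ["DC=" + _dn_escape(label) for label in domain.split(".")]
    return ",".join(rdns + dcs)

def netbios_errors(name: str, workgroup: str, aliases=()) -> list[str]:
    """Check the NetBIOS constraints the page states; an empty list means OK."""
    errors = []
    if not 0 < len(name) <= NETBIOS_MAX:
        errors.append(f"NetBIOS name {name!r} must be 1-{NETBIOS_MAX} characters")
    if name.casefold() == workgroup.casefold():
        errors.append("NetBIOS name must differ from the workgroup name")
    errors += [f"alias {a!r} exceeds {NETBIOS_MAX} characters" for a in aliases if len(a) > NETBIOS_MAX]
    return errors
```

Comparing the DN this produces against the OU that actually exists on the domain controller is a quick way to confirm the join will land in the intended container rather than the default OU.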

Click SAVE to save settings.

Click BASIC OPTIONS to return to the Active Directory display of basic options only.

Click EDIT IDMAP to navigate to the Directory Services > Idmap screen.

Click REBUILD DIRECTORY SERVICE CACHE to resync the cache if it becomes out of sync, or if fewer users than expected are available in the permissions editors.
