Re: [jira] [Updated] (VCL-1118) AD Join in a multi site domain

Thu, 30 Nov 2023 10:46:00 -0800 

Remove 
Sent from Norma P. Estrella's iPhone

> On Nov 30, 2023, at 10:19 AM, Josh Thompson (Jira) <j...@apache.org> wrote:
> 
> 
>     [ 
> https://issues.apache.org/jira/browse/VCL-1118?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
>  ]
> 
> Josh Thompson updated VCL-1118:
> -------------------------------
>    Fix Version/s: 2.6
> 
>> AD Join in a multi site domain
>> ------------------------------
>> 
>>                Key: VCL-1118
>>                URL: https://issues.apache.org/jira/browse/VCL-1118
>>            Project: VCL
>>         Issue Type: Bug
>>         Components: vcld (backend)
>>   Affects Versions: 2.5
>>           Reporter: Junaid Ali
>>           Priority: Major
>>            Fix For: 2.6
>> 
>>        Attachments: ad-multi-site.patch
>> 
>> 
>> The current AD domain join process does a server less bind to delete the 
>> computer object first and then immediately adds the computer object to AD. 
>> For a multi site environment if the computer object deletion occurs on a 
>> different domain controller than the domain controller where the computer 
>> object addition takes place this can be problematic. After the inter site 
>> replication completes in some cases the net effect will be computer object 
>> deletion, which means that the VM will not have domain membership and so 
>> fail user authentication and lose access to AD resources.
>> This patch provides the following updates to the active directory join 
>> process
>> - discover the VM's active directory site based on its public IP address. if 
>> sites are not defined within active directory, use the default site that is 
>> auto created by Active Directory (Default-First-Site-Name)
>> - delete the VM from a domain controller within its site. wait 20 seconds 
>> for the intra site replication to complete
>> - join the VM to the same active directory domain controller that it was 
>> deleted from in the previous step or to a domain controller within the VM's 
>> active directory site.
>> added utility functions for converting dot decimal format ip information to 
>> cidr (classless inter-domain routing) format. This is needed for VM active 
>> directory site calculation, as the active directory sites are stored in cidr 
>> format. currently, this supports IPV4 addresses only.
> 
> 
> 
> --
> This message was sent by Atlassian Jira
> (v8.20.10#820010)

Reply via email to