Sunday, 30 April 2017

Automating CIFS Server Domain Joins for ONTAP

There’s probably not much demand for automating CIFS Server Domain joins (cifs server create). Still, if you have to create a lot of SVMs, and each SVM has a CIFS server on the same domain, and you don’t want to keep having to enter the domain administrative credentials (or getting someone else to do this), this blog post might be of interest.

CIFS Server domain join in ClusterShell

Using ClusterShell to do CIFS Server Domain joins is fine - unless you have lots to do. If you have lots to do, then having to keep entering user name and password is a pain. Example below:

C910::> cifs server create -vserver SVM1 -cifs-server SVM1 -domain lab.priv

In order to create an Active Directory machine account for the CIFS server, you must supply the name and password of a Windows account with sufficient privileges to add computers to the "CN=Computers" container within the "LAB.PRIV" domain.

Enter the user name: administrator
Enter the password: ********

CIFS Server domain joins in PowerShell

In PowerShell we can save the domain credentials so we don’t need to keep inputting them. The below is an example of how to do a domain join in PowerShell using the Data ONTAP PowerShell Toolkit.

The penultimate line is where we store the domain credentials. The domain join is in the final line. And the rest is just setup (intentionally verbose to make it clear what we’re doing.) This is not a PowerShell script, this is just typed (or pasted) directly after the PowerShell prompt>

Import-Module DataONTAP

$ClusterCredential = New-Object System.Management.Automation.PsCredential($(Read-Host "Cluster Username"),$(Read-Host "Cluster Password" -AsSecureString))

Add-NcCredential -Name $CLUSTER -Credential $ClusterCredential
Connect-NcController $CLUSTER

$DomainCredential = New-Object System.Management.Automation.PsCredential($(Read-Host "Domain Username"),$(Read-Host "Domain Password" -AsSecureString))

Add-NcCifsServer -VserverContext SVM1 -Name SVM1 -Domain lab.priv -AdminCredential $DomainCredential -Force

Image: Example Output (note the domain username is administrator@lab.priv)

And for subsequent CIFS Server domain joins, you can just copy and paste a script of PowerShell commands into PowerShell>

Add-NcCifsServer -VserverContext SVM2 -Name SVM2 -Domain lab.priv -AdminCredential $DomainCredential -Force
Add-NcCifsServer -VserverContext SVM3 -Name SVM3 -Domain lab.priv -AdminCredential $DomainCredential -Force
Add-NcCifsServer -VserverContext SVM4 -Name SVM4 -Domain lab.priv -AdminCredential $DomainCredential -Force

And on…

BONUS UPDATE: CIFS Server domain re-joins in PowerShell

If you want to rename the CIFS server (re-join AD with a new AD Machine Account), the PowerShell is like below (where SVM1 is the new CIFS server name - might have been SVM1-TEMP before):

set-nccifsserver -VserverContext SVM1 -AdministrativeStatus down -Domain lab.priv -AdminCredential $DomainCredential
set-nccifsserver -VserverContext SVM1 -CifsServer SVM1 -Domain lab.priv -AdminCredential $DomainCredential -Force

No comments:

Post a Comment