Active Directory Domains for Windows Hosting

Note: This functionality is suitable for Private Cloud and is not highly demanded by Public Cloud

Active Directory (AD) is a popular directory service for Windows networks that organizes and controls access to the resources and processes within the confines of a separate domain. It  provides tools for managing individual network accounts, as well as for running the network-wide operations. Taking the benefits from its easily adjustable scalability, the Active Directory can be used for serving both small and large network environments.

With the help of the AD technology, Jelastic provides an ability to bind a particular domain to a specific group of users (or several of them), thus all of the Windows-based nodes, created by these group members, will belong to that stated domain. The benefits of this option may become especially useful for Jelastic Private Cloud partners: for example, if you have several large customers, you can create a set of separate user groups and allocate an individual domain for each of them, so every group can be maintained independently and the required tasks and configurations won’t intersect. Another possible situation is when it is needed to grant some particular permissions to a third-party organization or to the clients themselves - in such a case, you can include them in a separate group with a domain bound and, with the help of AD feature, assign the required permissions on resource access and delegate administration of the group to the appointed manager or group lead.

So, let’s reveal how this can be done. The list of available Active Directory domains can be managed by navigating to the JCA > Cluster > AD Domains (Windows) menu point:

The following information is provided within the table inside:
  • the first column contains the appropriate Domain name
  • the second one shows the domain’s DNS (an optional value)

Switch to the corresponding section in order to find out how to:

Add AD Domain

In order to Add a new Active Directory domain to your platform, click the corresponding button at the top tools pane:

Note: The appropriate domain should be bought beforehand using any preferred domain registrar, i.e. it should already exist.
The Add domain frame will be opened, where the following values need to be specified within the appropriate fields:
  • Domain name - obviously, the address of your registered AD domain
  • User name - login for the domain administrator user
  • Password - access password for the specified user
  • Confirm password - retype the entered password
  • DNS (optional) - IP address that refers to this domain (can be left blank)

Click on Add when all of the required settings are specified.

Assign AD Domain to Users’ Group

Once you’ve added a new AD domain, it can be bound to a particular group of users.

For that, navigate to the Groups JCA section, choose the required users’ group and select the Edit button at the tools panel (or click on Add if you’d like to simultaneously create a new group).

In the opened frame, state all of the necessary parameters (see more info on groups settings) and choose the required AD Domain at the same-named drop-down list:

Note: Here you can also access the Add domain window (the last list option) in order to add another domain.

Click Save when this is done. For now, all of the Windows-based environments, created by users of this group, will belong to the chosen Active Directory domain.

Edit AD Domain

Any added domain’s parameters can be Edited by simply selecting the required domain inside the AD Domains (Windows) JCA section and clicking on the appropriate button at the top panel:

In the Edit domain window that appears, you can change all of the settings, stated during this domain addition, just by typing new values for them. Ticking the Change password check-box will expand the corresponding section, where a new password should be confirmed with the old one.

Pay attention: Changing these values at Jelastic side won’t affect the domain’s actual parameters. Thus, for example, stating the new password here only makes sense if this operation has been previously done in your domain configs.
Select Save once all of the necessary changes are made, to apply them immediately.

Remove AD Domain

In order to delete the Active Directory domain, which is no longer needed, select it within the list and click on the corresponding button above:

Note: The chosen domain should not be assigned to any group of users for being removed.

Additionally, confirm this action through the appeared pop-up window and then the chosen domain will be removed from the list.