activedirectory create


This command creates an Active Directory (AD) configuration record. After running this command, run activedirectory list to obtain the ID of the configuration record, and then run activedirectory modify to make the cluster join the Active Directory domain using the Active Directory configuration record ID you obtained.

Important

Ensure that your installation meets the prerequisites and requirements listed in Active Directory Overview.

You can create multiple Active Directory configurations. Note that VAST Cluster does not allow adding two different Active Directory configuration records that have:

  • The same domain name but different settings for multi-forest authentication and/or auto-discovery.

  • The same domain name and the same machine account name.

Usage
activedirectory create --ldap-id LDAP_ID
                       --machine-account-name MACHINE_NAME
                       [--organizational-unit OU]
                       [--allow-smb|--disallow-smb]
                       [--enable-ntlm|--disable-ntlm]

Required Parameters

--ldap-id LDAP_ID

ID of the LDAP configuration to set up LDAP connectivity to Active Directory.

For example: 3

--machine-account-name MACHINE_NAME

Specifies a name for the machine object that will be created for the cluster within Active Directory, inside the Organizational Unit (see --organizational-unit). For simplicity, it is recommended to use the cluster name as the machine account name.

Options

--organizational-unit OU

The organizational unit (OU) in the Active Directory domain in which to create the machine object.

If unspecified, the machine object is created in the Computers OU.

Specify as a Distinguished Name (DN).

For example: OU=Computers,DC=company-ad,DC=com
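The following is an added pre-flight check, not VAST's own code or part of the vcli tool. It encodes the two constraints stated on this page: a new record is rejected when an existing record has the same domain name but different multi-forest/auto-discovery settings, or the same domain name and the same machine account name; and --organizational-unit, when given, must be a Distinguished Name. The record field names (domain, multi_forest, auto_discovery, machine_account_name, organizational_unit) and the sample records are assumptions made for illustration.

```python
"""Pre-flight validation of a proposed Active Directory configuration record.

Illustrative code only; it does not call vcli. Field names are assumed."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One RDN such as "OU=Computers" or "DC=company-ad"; a DN is a comma-separated list of RDNs.
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")


@dataclass(frozen=True)
class AdRecord:
    domain: str                    # AD domain name, e.g. "company-ad.com"
    machine_account_name: str      # value of --machine-account-name
    multi_forest: bool             # multi-forest authentication setting
    auto_discovery: bool           # auto-discovery setting
    organizational_unit: str = ""  # value of --organizational-unit; "" means the default Computers OU


def is_distinguished_name(value: str) -> bool:
    """True if value looks like a DN: one or more RDNs joined by commas."""
    if not value:
        return False
    return all(_RDN.match(part.strip()) for part in value.split(","))


def conflicts(existing: AdRecord, new: AdRecord) -> Optional[str]:
    """Return why `new` cannot coexist with `existing`, or None if it can."""
    if existing.domain.lower() != new.domain.lower():
        return None  # records for different domains never conflict
    if (existing.multi_forest, existing.auto_discovery) != (new.multi_forest, new.auto_discovery):
        return "same domain with different multi-forest/auto-discovery settings"
    if existing.machine_account_name.lower() == new.machine_account_name.lower():
        return "same domain and same machine account name"
    return None


def validate_new_record(existing: List[AdRecord], new: AdRecord) -> List[str]:
    """Collect every reason the create call would be rejected (empty list means OK)."""
    problems = []
    if new.organizational_unit and not is_distinguished_name(new.organizational_unit):
        problems.append(f"--organizational-unit {new.organizational_unit!r} is not a DN")
    for rec in existing:
        reason = conflicts(rec, new)
        if reason:
            problems.append(f"conflicts with {rec.machine_account_name}: {reason}")
    return problems


# Constructed sample of records already present on the cluster.
EXISTING = [
    AdRecord("company-ad.com", "cluster1", multi_forest=False, auto_discovery=True,
             organizational_unit="OU=Computers,DC=company-ad,DC=com"),
]

if __name__ == "__main__":
    candidates = [
        AdRecord("company-ad.com", "cluster2", False, True, "OU=Storage,DC=company-ad,DC=com"),
        AdRecord("company-ad.com", "cluster1", False, True),   # duplicate machine account
        AdRecord("company-ad.com", "cluster3", True, True),    # settings drift on same domain
        AdRecord("other.example", "cluster4", False, False, "Computers"),  # OU is not a DN
    ]
    for rec in candidates:
        print(rec.machine_account_name, validate_new_record(EXISTING, rec) or "OK")
```

Run the check against the records returned by activedirectory list before issuing activedirectory create; the comparison is case-insensitive because domain and account names are not case-sensitive in Active Directory.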

--allow-smb

When this option is specified, VAST Cluster uses this Active Directory provider to authenticate and authorize clients accessing the cluster via the SMB storage protocol.

--disallow-smb

Disables use of this Active Directory provider for SMB client access.

--enable-ntlm

When this option is specified, SMB clients accessing the cluster are allowed to use NTLM authentication to get authenticated via this Active Directory provider. This is the default behavior.

Note

NTLM authentication is not FIPS-compliant.

--disable-ntlm

Prohibits use of NTLM authentication on this Active Directory provider. SMB clients are expected to use Kerberos authentication, which requires an SPN to be configured for each virtual IP pool. See Workflow for Enabling Client Protocol Access.

Example
vcli: admin> activedirectory create --ldap-id 2 --machine-account-name cluster1 --organizational-unit OU=Computers,DC=company,DC=com