Creating Active Directory Configuration and Joining Active Directory via VAST CLI


VAST Cluster Active Directory configuration includes settings pertaining to Active Directory and settings for the underlying LDAP setup.

  1. Run ldap create to configure LDAP connectivity to Active Directory.

    Note

    If you are going to enable Active Directory domain auto-discovery, specify a single URI in the --urls parameter. Note also that auto-discovery cannot be enabled in the initial ldap create command. It must be enabled with an ldap modify command after the Active Directory configuration is created (the last step in this procedure).

    vcli: admin> ldap create --urls ldap://company-ad.com,ldap://company-ad2.com --port 389 --binddn cn=admin,ou=users,dc=mycompanyad,dc=com --bindpw **** --basedn ou=users,dc=mycompanyad,dc=com --group-searchbase ou=groups,dc=mycompanyad,dc=com --method simple --use-tls --domain-name co-ad.com --posix-templates AD

    An LDAP configuration record is created.

  2. Run ldap list to find out the ID of the newly created LDAP configuration record. In this example, the ID is 2.

  3. Run activedirectory create with the LDAP configuration record ID specified on the --ldap-id parameter:

    vcli: admin> activedirectory create --ldap-id 2 --machine-account-name co-vcluster --organizational-unit OU=Computers,DC=co-ad,DC=com

    An Active Directory configuration record is created.

  4. Run activedirectory list to find out the ID of the Active Directory configuration record. In this example, the ID is 3.

  5. Run activedirectory modify with the Active Directory configuration record ID specified on the --id parameter. Add the --join option to join the Active Directory domain. Specify --admin-username and provide a user name of an Active Directory admin user with permission to join the Active Directory domain:

    vcli: admin> activedirectory modify --id 3 --join --admin-username USER

  6. Confirm that you wish to proceed:

    Are you sure you want to modify the Active directory? [y/N] y

  7. Enter the password for the Active Directory admin user when prompted:

    Enter admin password:
    Password:
    
    Waiting ...
    
    [2022-03-31 10:18:39] waiting for active directory My_AD enabled state to change to True ... /
    
    Completed
    vcli: admin>

  8. Run activedirectory list again and verify that the Active Directory configuration state is now Enabled.

  9. If you want to enable Active Directory domain auto-discovery, run ldap modify with the LDAP configuration record ID specified on the --ldap-id parameter. Add the --enable-auto-discovery option and specify the AD template:

    vcli: admin> ldap modify --ldap-id 2 --enable-auto-discovery --advanced-settings-templates AD
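
A pre-flight check for the values used in step 1, added here as an example and not part of the VAST CLI or its documentation: run from a Linux host with the OpenLDAP client tools, it confirms that each URI accepts StartTLS, that the bind DN authenticates, and that the base DN is readable before the same values go into ldap create. The function names are hypothetical, and the script assumes the host already trusts the CA that issued the domain controllers' certificates.

```shell
#!/bin/sh
# Added example, not VAST code; function names are hypothetical.

# normalize_urls <comma-separated URIs> <port> [yes|no: auto-discovery planned]
# Prints one URI per line with the port filled in. Rejects non-LDAP schemes and,
# per the note in step 1, more than one URI when auto-discovery will be enabled.
normalize_urls() (
  list=$1 port=$2 auto=${3:-no} count=0
  IFS=,; set -f                     # split on commas only, no globbing
  for uri in $list; do
    case $uri in
      ldap://*|ldaps://*) ;;
      *) echo "unsupported URI: $uri" >&2; exit 1 ;;
    esac
    case ${uri#*://} in
      *:*) echo "$uri" ;;           # port already present
      *)   echo "$uri:$port" ;;
    esac
    count=$((count + 1))
  done
  if [ "$auto" = yes ] && [ "$count" -ne 1 ]; then
    echo "auto-discovery needs exactly one URI, got $count" >&2; exit 1
  fi
)

# check_bind <uri> <binddn> <basedn> <password-file>
# -ZZ aborts unless StartTLS succeeds (no cleartext bind); ldaps:// is already TLS.
check_bind() {
  case $1 in ldaps://*) tls= ;; *) tls=-ZZ ;; esac
  ldapsearch -x $tls -LLL -H "$1" -D "$2" -y "$4" -o nettimeout=5 \
    -b "$3" -s base dn >/dev/null
}

main() {
  binddn=$3 basedn=$4 rc=0
  list=$(normalize_urls "$1" "$2" "${5:-no}") || return 1
  pwfile=$(mktemp) || return 1
  trap 'rm -f "$pwfile"' EXIT
  printf 'Bind password: ' >&2
  stty -echo; IFS= read -r pw; stty echo; echo >&2
  printf '%s' "$pw" > "$pwfile"     # no newline: -y uses the whole file
  for uri in $list; do
    if check_bind "$uri" "$binddn" "$basedn" "$pwfile"; then echo "OK   $uri"
    else echo "FAIL $uri"; rc=1; fi
  done
  return "$rc"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Invoke it with the URI list, port, bind DN, base DN and an optional `yes` if auto-discovery will be enabled later, for example the page's sample values `ldap://company-ad.com,ldap://company-ad2.com 389 'cn=admin,ou=users,dc=mycompanyad,dc=com' 'ou=users,dc=mycompanyad,dc=com'`.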