Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
2.5
-
None
Description
The current AD domain join process does a server less bind to delete the computer object first and then immediately adds the computer object to AD. For a multi site environment if the computer object deletion occurs on a different domain controller than the domain controller where the computer object addition takes place this can be problematic. After the inter site replication completes in some cases the net effect will be computer object deletion, which means that the VM will not have domain membership and so fail user authentication and lose access to AD resources.
This patch provides the following updates to the active directory join process
- discover the VM's active directory site based on its public IP address. if sites are not defined within active directory, use the default site that is auto created by Active Directory (Default-First-Site-Name)
- delete the VM from a domain controller within its site. wait 20 seconds for the intra site replication to complete
- join the VM to the same active directory domain controller that it was deleted from in the previous step or to a domain controller within the VM's active directory site.
added utility functions for converting dot decimal format ip information to cidr (classless inter-domain routing) format. This is needed for VM active directory site calculation, as the active directory sites are stored in cidr format. currently, this supports IPV4 addresses only.