Sysadmin Mega Thread

i set AD server as primary DNS and untangle as the secondary

Is your network flat (single subnet) or do you have things chopped up into vlans/subnets?

For VCSA, set your domain controller as the only DNS server for it. In AD, add a computer account for your VCSA and add the DNS record for the same domain you’ve set your AD under the Forward Lookup Zones. For example, if example.domain.net is your AD and VCSA is your host name, then add a record for VCSA.example.domain.net with the VCSA’s IP address. When joining AD with VCSA, make sure it’s the domain shorthand for account info, i.e. for the AD FQDN AD-DC.example.domain.net you’d enter example<Domain Admin> and its password


@cdoublejj, what @2bitmarksman described is probably what you want to do unless you have a more complex network with multiple subdomains. For instance, in my environment, I have an ad subdomain and an iaas domain. I have my ESXi host authenticate AD users, but its FQDN is not in the AD domain.


Who else here has used the date command to get the current date rather than looking at their phone when they forgot what day it was?

I know there’s at least one more of you freaks out there :slight_smile:


ok, now I need to be able to comprehend what all you just said.

1, need to wrap my head around the forward DNS, what it is and where to do it.
2, figure out what MY “VCSA.example.domain.net” is really called. I may have bunged this up when I rolled out my VCSA: I set it up with no AD, to vsphere.local
3, an account for VCSA in AD, how or what? Like its own user name and password set as admin? Can the naming be arbitrary, or is it also set in VCSA?

What is your AD domain (or an obfuscated version of it)?


local.domain.net is what i set my AD/Domain up as

I’m assuming you don’t own domain.net, correct?


i do!

…but I wanted it to be separate from AD, if that makes sense? As in, web hosting with roadgrader.net but not having DNS or traffic pass through AD. That might not matter now.

(My AD was hosted on a big server and we have frequent power outages, and if AD fails to come up first, bad things happen, so I would assume.)

EDIT: AD is now on a power-sipping NUC on a UPS

EDIT: also yeah i sound ignorant right now. sorry about that

Oh wow, so you have domain.net registered with godaddy?

In that case, the way you have it currently, local.domain.net is your AD domain, so your DC should be something like dc1.local.domain.net, so you want to have vcsa.local.domain.net registered in AD. This won’t interfere with public records for like www.domain.net or just domain.net.


Yes! Though I moved to Gandi because holy hell, those renewal fees. Also, I heard a lot of good things about Gandi on /r/homelab or /r/sysadmin or something.

ok so now I need to learn how to register vcsa.local.domain.net in AD and where to do that. Will it actually be VCSA.local.domain.net? Not photon.local.domain.net?

Idk what photon is.

Photon is what VMware calls its Linux OS base for vSphere

By default, you’ll open up AD Users and Computers in MMC, go to where all the other computers are (I believe it’s just Computers), right-click the pane on the right and add a computer. Add a computer account with the same name as the first portion of your VCSA’s FQDN (it’d be VCSA in the case of vcsa.local.domain.net). Additionally, you’ll need to add a DNS A record for VCSA as well. You’d do this by opening DNS in MMC, expanding your local.domain.net -> Forward Lookup Zone and adding the record there. Check the ‘Create a PTR record’ checkbox as well for the reverse lookup.

Note, you should probably verify what you’ve named your VCSA appliance for all that. If you want to change your FQDN for VCSA itself, that’d require a reinstall unless you’re running vSphere 6.7U3 (you can review the article about the process here)


My AD experience starts and ends with Samba, but we have several Windows admins here who can probably direct you.


Adding some images to @2bitmarksman’s explanation

Open DNS Manager, expand “Forward Lookup Zones”, right-click the domain you want to add, and click “New Host (A or AAAA)…”

Type in the name of the host and attach its IP. The FQDN should auto-populate.


You can host multiple Domain Controllers, which usually act as a failover when one goes down.


:thinking: shockingly difficult in userland considering the vnode struct in the kernel has a pointer to the filesystem mountpoint


Yeah, it’s something you’d want to get out of stat or similar, but I couldn’t find any easy solution like that.

You can get the device number from stat -f %d /path/to/file (at least on macos/freebsd) but afaict %Sd is broken so you have to get the name the hard way:

$ fs_mountp() {
    file=$1
    devid=$(stat -f %d "$file")
    rdevname=$(find /dev -exec stat -f '%r %Sr' {} \; | awk -v devid=$devid '$1 == devid { print $2 }')
    mount -p | awk -v rdev=/dev/$rdevname '$1 == rdev { print $2 }'
}
$ fs_mountp /mnt/a/b/c
/mnt

Unfortunately this doesn’t seem to work with ZFS, because there are no devices that correspond to filesystems.

If things were not broken/complicated, I’d expect stat -f %Sd $file to tell you the name of the device directly, which could then be easily translated into a mount point.

:expressionless: mount -p is a FreeBSD-specific convenience

works on macOS and FreeBSD (but still not ZFS):

fs_mountp() {
    file=$1
    # device id (st_dev) of the filesystem holding the file
    devid=$(stat -f %d "$file")
    # names of the device nodes under /dev whose device number matches it
    rdevnames=$(find /dev -exec stat -f '%r %Sr' {} \; 2>/dev/null | awk -v devid="$devid" '$1 == devid { print $2 }')
    for rdev in $rdevnames; do
        # "/dev/NAME on /mount/point (fstype, ...)" -> "/mount/point" (without the trailing space)
        mount | sed -Ene "s#^/dev/$rdev +on +(.+) +\\(.*\$#\\1#p"
    done
}

Turns out stat -f %Sd doesn’t work for ZFS for the same reason that script doesn’t work: the implementation involves looking up the device node in devfs, which does not exist for ZFS filesystems. boo :confused:

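An added example, not code from the thread: instead of mapping st_dev back to a device node, walk up from the path until the device id changes, which is exactly how the kernel marks a mount boundary and needs no /dev entry, so it also covers ZFS datasets. It assumes only a GNU stat (-c) or BSD/macOS stat (-f) and POSIX sh; fs_mountpoint and dev_id are names chosen here.

```shell
# dev_id PATH: print the st_dev of PATH, trying GNU syntax, then BSD/macOS syntax.
dev_id() {
    stat -c %d "$1" 2>/dev/null || stat -f %d "$1"
}

# fs_mountpoint PATH: print the mount point that contains PATH (a file or a directory).
# A mount point is a directory whose device id differs from its parent's, so we
# climb towards / and stop as soon as the parent lives on another device.
fs_mountpoint() {
    dir=$1
    [ -d "$dir" ] || dir=$(dirname -- "$dir")          # start from a directory
    dir=$(cd -P -- "$dir" && pwd -P) || return 1       # absolute, symlinks resolved
    dev=$(dev_id "$dir") || return 1
    while [ "$dir" != / ]; do
        parent=$(dirname -- "$dir")
        # A different device id on the parent means we just crossed a mount boundary.
        [ "$(dev_id "$parent")" = "$dev" ] || break
        dir=$parent
    done
    printf '%s\n' "$dir"
}
```

Caveat: a Linux bind mount keeps the device id of its source, so it is not reported as a boundary; on Linux, df -P PATH (which uses statfs) or findmnt -T PATH give the answer directly, ZFS included.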