articles/hdinsight/domain-joined/apache-domain-joined-configure-using-azure-adds.md
8 additions & 5 deletions
@@ -25,7 +25,7 @@ Enabling Azure AD DS is a prerequisite before you can create a domain-joined HDI
25
25
26
26
After you provision the Azure AD DS instance, create a service account in Azure Active Directory (Azure AD) with the right permissions. If this service account already exists, reset its password and wait until it syncs to Azure AD DS. This reset will result in the creation of the Kerberos password hash, and it might take up to 30 minutes to sync to Azure AD DS.
27
27
28
-
The service account should have the following privileges:
28
+
The service account needs the following privileges:
29
29
30
30
- Join machines to the domain and place machine principals within the OU that you specify during cluster creation.
31
31
- Create service principals within the OU that you specify during cluster creation.
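Review bot: The reworded line "The service account needs the following privileges:" turns the list into a requirement but does not say whether it is the complete minimum set. Both visible bullets are scoped to the OU specified during cluster creation, so consider stating that these rights are granted on that OU and are sufficient, so readers delegate them rather than placing the account in a broader administrative group.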
@@ -46,9 +46,12 @@ It's easier to place both the Azure AD DS instance and the HDInsight cluster in
46
46
When you create a domain-joined HDInsight cluster, you must supply the following parameters:
47
47
48
48
-**Domain name**: The domain name that's associated with Azure AD DS. An example is contoso.onmicrosoft.com.
49
+
49
50
-**Domain user name**: The service account in the Azure ADDS DC managed domain that you created in the previous section. An example is [email protected]. This domain user will be the administrator of this HDInsight cluster.
51
+
50
52
-**Domain password**: The password of the service account.
51
-
-**Organizational unit**: The distinguished name of the OU that you want to use with the HDInsight cluster. An example is OU=HDInsightOU,DC=contoso,DC=onmicrosoft,DC=com. If this OU does not exist, the HDInsight cluster tries to create the OU by using the privileges that the service account has. For example, if the service account is in the Azure AD DS Administrators group, it has the right permissions to create an OU. Otherwise, you might need to create the OU first and give the service account full control over that OU. For more information, see [Create an OU on an Azure AD DS managed domain](../../active-directory-domain-services/active-directory-ds-admin-guide-create-ou.md).
53
+
54
+
-**Organizational unit**: The distinguished name of the OU that you want to use with the HDInsight cluster. An example is OU=HDInsightOU,DC=contoso,DC=onmicrosoft,DC=com. If this OU does not exist, the HDInsight cluster tries to create the OU by using the privileges that the service account has. For example, if the service account is in the Azure AD DS Administrators group, it has the right permissions to create an OU. Otherwise, you need to create the OU first and give the service account full control over that OU. For more information, see [Create an OU on an Azure AD DS managed domain](../../active-directory-domain-services/active-directory-ds-admin-guide-create-ou.md).
52
55
53
56
> [!IMPORTANT]
54
57
> Include all of the DCs, separated by commas, after the OU (for example, OU=HDInsightOU,DC=contoso,DC=onmicrosoft,DC=com).
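Review bot: In the reworded Organizational unit bullet, "you need to create the OU first and give the service account full control over that OU" now makes full control mandatory, while the privileges list earlier in this file names only joining machines and creating service principals within the OU. Suggest either pointing back to that list as the rights to delegate or explaining why full control is required. Two smaller points in the same hunk: two blank lines are added before this bullet where the other bullets get one, and the Domain user name bullet says "Azure ADDS DC managed domain" where the rest of the page uses "Azure AD DS".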
@@ -58,11 +61,11 @@ When you create a domain-joined HDInsight cluster, you must supply the following
58
61
> [!IMPORTANT]
59
62
> Enter the complete URL, including "ldaps://" and the port number (:636).
60
63
61
-
-**Access user group**: The security groups whose users you want to sync to the cluster. For example, HiveUsers. If you want to specify multiple user groups, separate them by semicolon ‘;’.
62
-
64
+
-**Access user group**: The security groups whose users you want to sync to the cluster. For example, HiveUsers. If you want to specify multiple user groups, separate them by semicolon ‘;’. The group(s) must exist in the directory prior to provisioning. For more information, see [Create a group and add members in Azure Active Directory](../../active-directory/fundamentals/active-directory-groups-create-azure-portal.md). If the group does not exist, an error occurs: "Group HiveUsers not found in the Active Directory."
65
+
63
66
The following screenshot shows the configurations in the Azure portal:
64
67
65
-
.
68
+
.
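Review bot: In the added text on the Access user group bullet, "The group(s) must exist in the directory prior to provisioning" leaves "the directory" ambiguous: the link goes to creating a group in Azure Active Directory, while the quoted error says "not found in the Active Directory". Suggest naming the directory explicitly and, since the service account section of this file notes a sync delay to Azure AD DS, saying whether the group must also have synced before the cluster is created. The bullet also switches between "security groups" and "group(s)"; pick one form.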