Under the Active Directory Service Principle section, enter your Active Directory settings.
- Click the Support signed updated from Windows (GSS-TSIG) to enable GSS-TSIG updates from Active Directory.
- In the Service Principal Name field, enter the Service
Principal Name that is mapped to the AD account of the Distributed DDNS service for
this domain. The domain account for DNS service must be created on the AD server
before entering the information for this step. For more information, refer to Reference: Active Directory service configuration.Note: The full account name must be the same value as the DDNS Service Name in the BAM Configuration section to ensure that there is a host record for that name that points to the IP address of the DDNS service.
- In the Password field, enter the password of the Active Directory user account to which the Service Principal Name maps.
- In the Key Version Number field, enter the key version number
(knvo) attribute of the Active Directory user account to which the
Service Principal Name maps.Note: You can verify the knvo of the Active Directory user account using the following PowerShell command on the Active Directory server:
get-aduser <username> -property msDS-KeyVersionNumber
- Click Test to verify the Service Principal Name and password against the KDC configuration in the /etc/krb5.conf file.