Univention Bugzilla – Bug 49304
Reports of failing setup as AD Member when joining with different user than "Administrator"
Last modified: 2023-03-25 06:52:20 CET
In 2017 we had two feedback reports from failing UMC "StartupDialog", where the the setup failed when setting up UCS as AD Member and using a different user than "Administrator" to join: * "I was unable to join the domain until I renamed our Domain Administrator account to administrator." * "der Domain join mit einem Administrativen Benutzer anders als Administrator ist nicht möglich. Ich musste den Administrator extra wieder Aktiviren." We were unable to reproduce the problem today. We tested this with UCS 4.4-0 and UCS 4.3-4 by creating a new user "foo" on a MS Server 2008R2 AD DC, adding it to the group "Domain Admins" and running the UCS installer interactively to setup and join a UCS Master into the MS AD domain. The purpose of this bug is to collect more information about this, in case new feedback or support tickets are opened for this situation. Please note that this bug only focusses oh the setup&join of a UCS Master here. If you want to join additional UCS servers into an AD Member setup, it is important to consider Bug #47193, which documented that the join user needs to be member of the group "DC Backup Hosts". I created Bug #49303 to improve user guidance for that case.
Apparently it's a known fact that "admin" doesn't work. Maybe due to the collision with the LDAP root dn, which could cause authentication errors etc.
Joining an AD with an admin-account not named "administrator" and located on another OU works with UCS 4.4-0.
The test cases : http://jenkins.knut.univention.de:8080/job/UCS-4.4/job/UCS-4.4-0/job/ADMemberMultiEnv/ in Jenkins test joining an UCS system into a Windows AD Server with an administrator account not named "Administrator".
Ok