Description: Canaries support a Windows File Share service, which can be run in either workgroup or Active Directory (AD) mode. The steps below take you through joining your Canary to your AD using the Bluetooth configuration.

Note: Remotely joining your Canary to AD is now possible from version 2.1.1 and Virtual Canary from version 2.1.2. Most people find that the most convenient method for joining.

In preparation to join an AD, you'll need these resources:

A configured and correctly working Active Directory.
Credentials of a user who has permission to join machines to the AD. Oftentimes this is an Administrator, but not necessarily so.
The bird will need to be on a network segment that can reach the domain controllers.

Note: The Domain Controller needs to be running a time server. The Canary uses this to sync its time, without the time server the join will fail with an NTP error.

Follow the steps below to join your Canary to an AD.

Step 1: Reboot into configuration mode

Power off your Canary, hold down the configuration button (which is also the status LED), then plug it back into the power source.

After a few seconds, the LED will show purple, at which point you can let go of the button.

Step 2: Configure your basic settings

On the management page, enable the options and services you would like your Canary to mimic. An easy approach is to select one of the pre-built device personalities:

Once you have selected your Devices Personality or the preferred services, scroll down to Windows File Share.

Step 3: Configure the Active Directory and file share settings

It's important to ensure that:

The "Mode" field is set to "Domain".
The fully qualified name of the Active Directory you want to join (e.g. corp.thinkst.com)

If you are unsure whether to enable guest access, you can read about the pros and cons over here.

Step 4: Click "Save" to move onto the next step

Step 5: The join procedure will start up automatically

A number of steps will run to ensure that the domain is reachable and functioning as expected.

Step 6: Enter AD credentials when prompted and click "Join Domain"

The bird's configuration will complete automatically once the domain join process is completed and credentials verified successfully.

Troubleshooting:

I have old clients and need to specify NT-style domain names

Click "Specify pre-Windows 2000 domain name", and enter the domain name in the "Pre-Windows 2000 Domain Name" field.

My domain requires SMB signing to be enabled

Click "Advanced config", then select your signing level.

My domain join fails with: "Insufficient quota exists to complete the operation"

This error generally means that the current authenticated user has reached their limit for joining machines to the domain. By default, Active Directory will only allow a user to join 10 machines to the domain. The simplest way to get around this is to try to authenticate with a different user.

Can't change Computer Name for a bird that is domain-joined.

This error normally crops up when the Canary was named Server01; its name then changed to Server02. Unfortunately, the original name remains for the domain-join.

To fix the domain-join info there are two options:
Option 1:
- rename the bird back to Server01
- leave the domain
- rename the bird to the required name (Server02)
- rejoin the domain

Option 2:
- Factory reset bird
- domain-join and enrol with the correct name (Server02)

Search

Joining your Canary to Microsoft Active Directory

Step 1: Reboot into configuration mode

Step 2: Configure your basic settings

Step 3: Configure the Active Directory and file share settings

Step 4: Click "Save" to move onto the next step

Step 5: The join procedure will start up automatically

Step 6: Enter AD credentials when prompted and click "Join Domain"

Troubleshooting:

I have old clients and need to specify NT-style domain names

My domain requires SMB signing to be enabled

My domain join fails with: "Insufficient quota exists to complete the operation"

Can't change Computer Name for a bird that is domain-joined.

To fix the domain-join info there are two options:
Option 1:
- rename the bird back to Server01
- leave the domain
- rename the bird to the required name (Server02)
- rejoin the domain

Option 2:
- Factory reset bird
- domain-join and enrol with the correct name (Server02)

Search

Step 1: Reboot into configuration mode

Step 2: Configure your basic settings

Step 3: Configure the Active Directory and file share settings

Step 4: Click "Save" to move onto the next step

Step 5: The join procedure will start up automatically

Step 6: Enter AD credentials when prompted and click "Join Domain"

Troubleshooting:

I have old clients and need to specify NT-style domain names

My domain requires SMB signing to be enabled

My domain join fails with: "Insufficient quota exists to complete the operation"

Can't change Computer Name for a bird that is domain-joined.

To fix the domain-join info there are two options:Option 1:- rename the bird back to Server01- leave the domain- rename the bird to the required name (Server02)- rejoin the domain

Option 2:- Factory reset bird- domain-join and enrol with the correct name (Server02)

To fix the domain-join info there are two options:
Option 1:
- rename the bird back to Server01
- leave the domain
- rename the bird to the required name (Server02)
- rejoin the domain

Option 2:
- Factory reset bird
- domain-join and enrol with the correct name (Server02)