Description: Canaries support a Windows File Share service, which can be run in both workgroup and Active Directory (AD) mode. The steps below take you through joining your Canary to your AD using the Bluetooth configuration.

Note: Remotely joining your Canary to AD is now possible from version 2.1.1, and for Virtual Canary from version 2.1.2. Most people find that the most convenient method for joining.

In preparation to join an AD, you'll need these resources:

  1. A configured and correctly working Active Directory.
  2. Credentials of a user who has permission to join machines to the AD. Oftentimes this is an Administrator, but not necessarily so.
  3. The bird will need to be on a network segment that can reach the domain controllers.

Follow the steps below to join your Canary to an AD.

Step 1: Reboot into configuration mode

Power off your Canary, hold down the configuration button (which is also the status LED), then plug it back into the power source.

After a few seconds, the LED will show purple, at which point you can let go of the button.

Step 2: Configure your basic settings

On the management page, select the options and services you wish to enable. An easy approach is to select one of the pre-built profiles.

Step 3: Configure the Active Directory and file share settings

It's important to ensure that:

  • The "Mode" field is set to "Domain".
  • The fully qualified name of the Active Directory you want to join is entered (e.g. corp.thinkst.com).

If you are unsure whether to enable guest access, you can read about the pros and cons over here.

Step 4: Click "Save" to move onto the next step

Step 5: The join procedure will start up automatically

A number of steps will run to ensure that the domain is reachable and functioning as expected.

Step 6: Enter AD credentials when prompted and click "Join Domain"

The bird's configuration will complete automatically once the domain join process is completed and credentials verified successfully.

Troubleshooting:

I have old clients and need to specify NT-style domain names

Click "Specify pre-Windows 2000 domain name", and enter the domain name in the "Pre-Windows 2000 Domain Name" field.

My domain requires SMB signing to be enabled

Click "Advanced config", then select your signing level.

My domain join fails on the "Check DHCP" step

Your Canary expects to be able to extract domain information from the DNS servers handed out by DHCP. If your Canary has a static IP configuration, please check out this article.
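
The following pre-flight check is an added example, not part of the Canary software or the original article. It covers the reachability prerequisite and the "Check DHCP" note above: run from a Windows host on the same segment as the bird, it looks up the domain controller SRV record against each DHCP-assigned DNS server and tests each controller on the standard AD ports. The port list and the choice of SRV record are assumptions, not the Canary's own checks.

```powershell
# Added example: run on a Windows host that takes its address from DHCP on the
# same network segment as the Canary. The default $Domain is the article's example.
# Assumption: ports 88 (Kerberos), 389 (LDAP) and 445 (SMB) are the standard AD
# set; the checks the Canary itself performs are not documented on this page.
param(
    [string]$Domain = 'corp.thinkst.com',
    [int[]]$Ports = @(88, 389, 445)
)

# Collect the DNS servers on interfaces that are configured by DHCP.
$dnsServers = Get-NetIPInterface -AddressFamily IPv4 -Dhcp Enabled |
    ForEach-Object { Get-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex -AddressFamily IPv4 } |
    ForEach-Object { $_.ServerAddresses } |
    Sort-Object -Unique

if (-not $dnsServers) {
    Write-Warning 'No DHCP-assigned DNS servers found on this host.'
    return
}

# Domain controllers publish themselves under this SRV name in the AD DNS zone.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"

$results = foreach ($dns in $dnsServers) {
    try {
        $records = Resolve-DnsName -Name $srvName -Type SRV -Server $dns -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
    } catch {
        # This DNS server cannot answer for the domain, so a join relying on it would fail.
        [pscustomobject]@{ DnsServer = $dns; DomainController = $null; Port = $null
                           Reachable = $false; Note = "SRV lookup failed: $($_.Exception.Message)" }
        continue
    }
    foreach ($dc in ($records.NameTarget | Sort-Object -Unique)) {
        foreach ($port in $Ports) {
            $ok = Test-NetConnection -ComputerName $dc -Port $port `
                    -InformationLevel Quiet -WarningAction SilentlyContinue
            [pscustomobject]@{ DnsServer = $dns; DomainController = $dc; Port = $port
                               Reachable = $ok; Note = '' }
        }
    }
}

$results | Format-Table -AutoSize
```

A failed SRV lookup points at the DNS servers handed out by DHCP, while a resolved controller with `Reachable` set to `False` points at filtering between the segment and the domain controllers.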