For resources on a network to be locatable, a mechanism must exist by which they can easily be found. A directory service (in this case, Active Directory) keeps track of all known resources and responds to requests with a list of currently available devices and services. But before you can be trusted to query for resources, you must be granted membership in the Active Directory domain.
Active Directory works on a container basis. A container can be a domain, an organizational unit (OU), or a computer. The key benefits of joining an N series storage system to Active Directory are: controlled security and management through group management; single sign-on and pass-through authentication for users; and interoperability, by extending control beyond the native Windows environment through the Microsoft management interface, which provides a read-only computer management view of shared folders, shares, sessions, and open files, as well as local users and groups, on the N series storage system.
Data ONTAP is a proprietary operating system developed by Network Appliance; it is not based on the Windows OS. Consequently, the current Data ONTAP operating system requires additional rights to be assigned to the user or to the precreated device object when an administrator or administrator-equivalent account is not used. Once the computer object has successfully joined the Active Directory domain, the user account credentials are no longer used and are not stored in any way in the OS. They are used only to allow the N series storage system to become an active member of Active Directory and to write standard properties to the object during the join process (the properties that are written are listed in the next section).
| Type: | Whitepaper |
| Posted: | May 31, 2007 |
| Format: | |
| Length: | 18 pages |
| Language: | English |
| Topic: | Security |
