Steps to join a Windows Domain

Article ID: 166420

Products

ProxySG Software - SGOS

Issue/Introduction

This article describes how to join a Windows domain. 

Note: This procedure applies to SGOS 6.7.x and later. 

Resolution

Complete the following steps:

 

Integrate the Edge SWG (ProxySG) Appliance into the Windows Domain

To integrate the Edge SWG (ProxySG) appliance into one or more Windows domains, you must complete the following tasks:

  1. Synchronize the Edge SWG (ProxySG) Appliance and Domain Controller Clocks
  • The Edge SWG (ProxySG) appliance cannot join a Windows domain unless its internal clock is in sync with the Domain Controller. To ensure that the appliance clock is synchronized with the Domain Controller clock, use either of the following techniques:
    • Configure the Edge SWG (ProxySG) appliance to use the Domain Controller as the NTP source server.
    • The Edge SWG (ProxySG) appliance NTP configuration options are located on the Configuration > General > Clock tab.
  2. Join the Edge SWG (ProxySG) Appliance to the Windows Domain
  • After you have synchronized the Edge SWG (ProxySG) appliance’s internal clock with the Domain Controller, you can join the appliance to one or more Windows domains as follows:
    • From the Edge SWG (ProxySG) Management Console, select Configuration > Authentication > Windows Domain > Windows Domain.
    • In the Hostname panel, specify the hostname to use:
      • (Recommended) Select Use Default - {SG-serial_number} to use the default hostname.
      • Select or specify a different hostname.
        • Note: Unless you have a specific need to use a particular hostname (for example, to ensure correct DNS lookup), Symantec recommends that you use the default hostname to guarantee that each appliance’s hostname is unique. In addition, you must use unique hostnames for multiple Edge SWG (ProxySG) appliances joined to the same domain.
    • Click Apply.
    • Click Add New Domain. The Add Windows Domain dialog displays.
    • Enter a Domain name alias and then click OK.
    • To save the domain alias setting, click Apply and then click OK. You will not be able to join the domain until you have saved the domain alias setting.
    • Select the domain Name you created and click Join. The Add Windows Domain dialog displays.
    • Configure the domain membership information:
      • In the DNS Domain Name field, enter the DNS name for the Windows Active Directory domain. This is not the fully qualified domain name of the Edge SWG (ProxySG) appliance.
        • Note: The Edge SWG (ProxySG) appliance must be able to resolve the DNS domain name you supply for the Active Directory domain or the appliance will not be able to join the domain. If DNS resolution fails, check your DNS configuration.
      • Enter the primary domain access User Name. You can either enter the plain user name (for example, sg-admin) or use the username@dnsname format ([email protected]). This account must have sufficient rights for joining the domain.
      • Enter the Password for this user.
      • Click OK. The appliance displays a message indicating that the domain was successfully joined and the value in the Joined field changes to Yes.
    • To join the Edge SWG (ProxySG) to additional Windows domains, repeat the above steps.
    • Click Apply to save your changes.

Note: When the Edge SWG (ProxySG) first joins a domain, it creates a machine account in Domain/Computer. The domain user account must have the privilege to create and modify the Edge SWG (ProxySG) machine account in AD. Once the Edge SWG (ProxySG) has joined the domain, it discards the domain user account and password and uses the Edge SWG (ProxySG) machine account for subsequent communications. The Edge SWG (ProxySG) machine account name is the Hostname defined in Management Console > Authentication > Windows Domain > Hostname. The Edge SWG (ProxySG) changes its machine account password every fifteen days.
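
The following is an added example, not Broadcom/Symantec code. It audits an LDIF export of AD computer accounts and flags appliance machine accounts whose pwdLastSet is older than the fifteen-day rotation described in the note above. Assumptions: appliances use the default SG-serial_number hostname, the two-day grace period is arbitrary, and the serial numbers, the example.test domain and the sample records are constructed.

```python
# Added example: audit appliance machine accounts in an LDIF export of AD computers.
from datetime import datetime, timedelta, timezone

ROTATION = timedelta(days=15)  # rotation interval stated in the note above
GRACE = timedelta(days=2)      # assumption: tolerance before reporting
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(value):
    """Convert an AD pwdLastSet value (100 ns ticks since 1601-01-01 UTC)."""
    return EPOCH_1601 + timedelta(microseconds=int(value) // 10)

def datetime_to_filetime(moment):
    """Inverse conversion, used here only to build the constructed sample."""
    return (moment - EPOCH_1601) // timedelta(microseconds=1) * 10

def parse_ldif(text):
    """Yield one dict per LDIF record; records are separated by blank lines."""
    for block in text.strip().split("\n\n"):
        record = dict(ln.split(": ", 1) for ln in block.splitlines() if ": " in ln)
        if record:
            yield record

def stale_accounts(ldif_text, now, prefix="SG-"):
    """Return (account, age_days) for appliance accounts past ROTATION + GRACE.
    A pwdLastSet of 0 (password never set) is reported with age None."""
    findings = []
    for rec in parse_ldif(ldif_text):
        name = rec.get("sAMAccountName", "")
        if not name.upper().startswith(prefix):
            continue  # not an appliance using the default hostname
        ticks = int(rec.get("pwdLastSet", "0"))
        age = None if ticks == 0 else now - filetime_to_datetime(ticks)
        if age is None or age > ROTATION + GRACE:
            findings.append((name, None if age is None else age.days))
    return findings

NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)  # constructed reference time
SAMPLE_LDIF = "\n\n".join(  # constructed records, not real accounts
    f"dn: CN={n},CN=Computers,DC=example,DC=test\nsAMAccountName: {n}$\npwdLastSet: {t}"
    for n, t in [
        ("SG-1111111111", datetime_to_filetime(NOW - timedelta(days=3))),
        ("SG-2222222222", datetime_to_filetime(NOW - timedelta(days=40))),
        ("SG-3333333333", 0),
        ("FILESRV01", datetime_to_filetime(NOW - timedelta(days=90))),
    ]
)

if __name__ == "__main__":
    for account, age in stale_accounts(SAMPLE_LDIF, NOW):
        print(account, "never set" if age is None else f"{age} days old")
```

An account reported here has not rotated its password on the schedule the note describes, so it is worth checking whether that appliance is still joined and reachable or whether the account is left over from a decommissioned unit.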