TrueNAS Stable Version Documentation
This content follows TrueNAS 25.10 (Goldeye) releases.

Active Directory Screens

The Directory Services screen and widgets provide access to TrueNAS settings to set up access to directory services and advanced authentication systems deployed in user environments.

TrueNAS does not configure Active Directory domain controllers or LDAP directory servers, nor does it configure Kerberos authentication servers or ID mapping systems.

Refer to documentation for these services and systems for information on how to configure each to suit your use case.

Configuring Active Directory

The Active Directory directory service configuration screen shows after selecting Active Directory in the Configuration Type dropdown list in the Directory Services Configuration screen.

For detailed configuration instructions, see Configuring Active Directory.

Active Directory Widget

The Active Directory widget displays after configuring TrueNAS to access your Active Directory domain controller. The widget shows Status, Domain Name, and Domain Account Name.

Figure 1: Active Directory Widget

Settings opens the Active Directory configuration screen.

Rebuild Directory Service Cache resyncs the cache if it gets out of sync or if there are fewer users than expected available in the permissions editors.

Leave Domain removes the TrueNAS system from the Active Directory server.

Directory Services Active Directory Configuration Screen

The Directory Services Configuration screen organizes settings into multiple sections: Basic Configuration, Credential Configuration, Active Directory Configuration, Trusted Domains Configuration, and IDMAP Configuration.

The Directory Services Configuration screen is used to configure one of three directory services: Active Directory, IPA, or LDAP. The configuration sections and settings change based on the Configuration Type selected.

Active Directory Basic Configuration Section

The Basic Configuration section settings control core Active Directory service settings.

Figure 2: AD Basic Configuration

Basic Configuration Settings

| Setting | Description |
|---------|-------------|
| Configuration Type | Sets the type of directory service. Active Directory shows Active Directory domain integration settings. |
| Enable Service | Activates the Active Directory configuration. Enabled by default. Clear to disable the configuration without deleting it. Re-enable it later without reconfiguring it. The Directory Services screen returns to the default and provides the options to configure AD, LDAP, or IPA. |
| Enable Account Cache | Caches user and group information. Caching makes directory users and groups available in UI dropdown menus. Enabled by default. |
| Enable DNS Updates | Allows the directory service to update DNS records. Enabled by default. |
| Timeout (seconds) | The number of seconds before the directory service connection times out. Valid range is 1-40 seconds. |
| Kerberos Realm | Defines the Kerberos realm for authentication. This field auto-populates after joining the Active Directory domain. |

Active Directory Credential Configuration Section

The Credential Configuration section settings define authentication methods for Active Directory access.

Figure 3: Credential Configuration

Credential Configuration Settings

| Setting | Description |
|---------|-------------|
| Credential Type | (Required) Sets the credential type for Active Directory authentication. Options include Kerberos User and Kerberos Principal. |
| Username | (Required) The Active Directory domain administrator username. Enter only the username (for example, Administrator), not the domain-prefixed format. |
| Password | (Required) The password for the administrator account. |

Active Directory Configuration Section

The Active Directory Configuration section settings define the connection parameters and domain-specific options.

Figure 4: AD Configuration

Active Directory Configuration Settings

| Setting | Description |
|---------|-------------|
| TrueNAS Hostname | (Required) The hostname for the TrueNAS system. This value must match the Hostname setting on the Network > Global Configuration screen and cannot exceed 15 characters. Cannot contain: `\ / : * ? " < > |
| Domain Name | (Required) The Active Directory domain name (for example, example.com) or child domain (for example, sales.example.com) if configuring access to a child domain. |
| Site Name | The relative distinguished name (RDN) of the site object in the AD server. TrueNAS automatically detects this from the Active Directory server. |
| Computer Account OU | The organizational unit (OU) where the TrueNAS computer object is created when joining the Active Directory domain for the first time. The OU string includes the distinguished name (DN) of the Computer Account OU. For example, OU=Computers,DC=example,DC=com. |
| Use Default Domain | Removes the domain name prefix from AD users and groups. This setting may be required for specific configurations such as Kerberos authentication with NFS for AD users. Note that using this setting can cause collisions with local user account names. |

Trusted Domains Configuration Section

The Trusted Domains Configuration section controls access for trusted domains.

Trusted Domains Configuration Settings

| Setting | Description |
|---------|-------------|
| Enable Trusted Domains | Allows clients to access TrueNAS if they are members of domains with a trust relationship. Starting in TrueNAS 25.10, trusted domains are configured as part of the Active Directory configuration rather than as separate IDmap entries. When enabled, additional trusted domain configuration options appear. Each trusted domain requires an IDMAP Backend selection. |

IDMAP Configuration Section

The IDMAP Configuration section controls identity mapping settings.

Figure 5: IDMAP Configuration

IDMAP (Identity Mapping) ensures that UIDs and GIDs assigned to Active Directory users and groups have consistent values domain-wide. By default, TrueNAS uses an algorithmic method based on the RID component of the user or group SID, which is suitable for most environments. Only administrators experienced with configuring ID mapping should customize IDMAP settings.

IDMAP Configuration Settings

| Setting | Description |
|---------|-------------|
| Use TrueNAS Server IDMAP Defaults | Uses default IDMAP configuration. Enabled by default and recommended for most setups. Clear to reveal additional configuration options: Builtin section with optional Name field and required Range Low and Range High fields, and IDMAP Domain section with required IDMAP Backend, Name, Range Low, and Range High fields. |
| IDMAP Backend | Sets the backend plugin interface for Winbind to store SID to UID/GID mapping tables. Options include AD, AUTORID, LDAP, NSS, RFC2307, RID, and TDB. |
| Range Low | The lowest UID/GID number the IDMAP backend translates. Works with Range High to establish the range. |
| Range High | The highest UID/GID number the IDMAP backend translates. Works with Range Low to establish the range. |
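
How a RID-based mapping interacts with Range Low and Range High, as an added example that is not TrueNAS code: it assumes the RID backend follows the formula documented for Samba's idmap_rid (ID = RID - BASE_RID + LOW_RANGE_ID) and flags overlapping ranges, which would let accounts from two domains resolve to the same UID/GID. The SIDs, domain names, and ranges are constructed sample values, not TrueNAS defaults.

```python
# Added example: RID-based ID mapping and a range-overlap check.
# Assumption: the RID backend behaves like Samba's idmap_rid.
# All SIDs, names and ranges below are constructed sample values.

SAMPLE_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_RANGES = {              # name -> (Range Low, Range High)
    "BUILTIN": (1000, 9999),
    "CORP": (100000, 199999),
    "PARTNER": (150000, 249999),   # deliberately overlaps CORP
}

def parse_sid(sid):
    """Split a SID string into (domain_sid, rid)."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a valid SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])

def rid_to_unix_id(sid, range_low, range_high, base_rid=0):
    """Apply ID = RID - BASE_RID + LOW_RANGE_ID.
    Returns None when the result falls outside the configured range,
    meaning the account gets no mapping at all."""
    _, rid = parse_sid(sid)
    unix_id = rid - base_rid + range_low
    if rid < base_rid or unix_id > range_high:
        return None
    return unix_id

def overlapping_ranges(ranges):
    """Return pairs of domain names whose [low, high] ranges intersect."""
    items = sorted(ranges.items(), key=lambda kv: kv[1])
    clashes = []
    for i, (name_a, (_, high_a)) in enumerate(items):
        for name_b, (low_b, _) in items[i + 1:]:
            if low_b <= high_a:    # sorted by low, so this means overlap
                clashes.append((name_a, name_b))
    return clashes

if __name__ == "__main__":
    low, high = SAMPLE_RANGES["CORP"]
    for rid in (1104, 150000):
        sid = f"{SAMPLE_DOMAIN_SID}-{rid}"
        print(sid, "->", rid_to_unix_id(sid, low, high))
    print("overlaps:", overlapping_ranges(SAMPLE_RANGES))
```

A `None` result shows why a range that is too narrow leaves high-RID accounts unmapped, and any reported overlap should be resolved before enabling trusted domains.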