Using eBox As Windows Primary Domain Controller - Page 3

6. Configuring general PDC settings

To configure the general PDC and file sharing settings, in the left menu select File sharing.

In the General settings tab will enable the PDC with the Enable PDC checkbox. Also you may change the domain name from is default value to a name which makes sense for your domain or organization. We will use ebox as domain name. You may change the netbios name as well. This will be the name used to identify the server when using the netbios protocol. This name should not be the same than the domain, regardless of their case, or we will have troubles connecting. We will use ebox-server as netbios name.

In the Description field you can enter some text to identify the domain.

The Quota limit field is to assign the default disk quota to new users.

The Enable roaming profiles checkbox controls whether the user desktop profile is saved to the PDC server and used in every desktop the user logs in. The downside of this feature is that in some cases the user profile could take a lot of space in the disk. We want to use this feature on this tutorial so we will enable it.

The Drive letter field assigns which letter will be used for the virtual drive containing the user home.

PDC general settings


7. Configuring PDC password policy settings

Domain administrators usually enforce some kind of password policy because left to users themselves they will choose weak passwords and rarely will change them.

In the PDC tab we will see three passwords settings to configure:

The first one is Password Length, We want that all users choose a password with 8 character at least, so we raise this value to 8 characters.

The second one is Maximum Password Age, we set it to 180 days to make sure that the users change their password at least two times for year.

Last one is Enforce password history, this setting is to make sure that the users do not reuse old passwords, we set it to Keep history for 5 passwords so the users cannot reuse their last five passwords.

PDC password settings


8. Saving changes

Now that we have the basic PDC configuration nailed down, we need to save the changes to commit them to the system. For this we have a button Save changes in the right upper corner, if we have pending changes to commit it will have a red colour otherwise it will be in green. Since we have made changes it will be painted with a bright red, so we can click on it.

Save changes button

After clicking you will see a screen which will show you two options, saving the pending configuration changes or discard them. If you discard them the configuration will revert either to the default state or, if you have already saved any changes, to the last time you saved changes. We want to commit our changes so we will click on the button Save changes.

In some cases after clicking a screen will be pop up asking for authorization to overwrite some configuration files. If you want that eBox to manage those files accept the request, if you deny it eBox would not be able to commit your configuration.

Then you will show a screen which displays the progress in committing the new configuration. When it finish a Changes saved message will be show.

Warning: Changes in user and groups are committed immediately, so you don't need to save them and couldn't discard them.


9. Adding computers to the PDC

Now we have our PDC server running is time to add some computers to the domain. For this we will need to know the name of our domain and the user name and password of a user with administration rights. In our example the user pdcadmin fits the bills.

The computer to be added must be in the same network and need to have a CIFS- capable Windows (i.e. Windows XP Professional). The eBox network interface that connects to this network must not be marked as external interface. In the following instructions we will assume that you have a Windows XP Professional.

Log into the Windows system and click on My PC -> Properties, then click on the button Change, in the section To rename this computer or join a domain.

clicking on windows change domain

In the next window, set the domain name and then click OK.

setting domain name

A login window will pop up, you have to login as the user with administration privileges.

login as user with
administration priveleges

If all the steps were correctly done a welcome message to the domain should appear. After joining the domain you will need to restart the computer. You next login could be done with a domain user.

login with a domain user

If you need more assistance to add the computer to your domain you can check the Microsoft documentation about this procedure.

Share this page:

14 Comment(s)

Add comment


From: Brian C at: 2010-09-05 06:59:52

In windows in order to be a domain controller you have to enable DNS, why would that not be true with ebox, just a thought? I will try this the way you have written it I am sure it was working for you before you wrote this, I was just wondering. Maybe this was just for a one server application with some sort of router for DHCP also. Dunno, any way thanks for the tutorial not trying to nit pick just trying to figure out the network environment for this setup is all.

From: Anonymous at: 2011-10-20 02:35:55

DNS is required for Active Directory. ebox sets up an NT style domain controller which did not require the DNS setup.

From: Emanuele at: 2009-11-27 00:25:52

Hello folks,

 I saw this good tutorial, but I still don't find a guide which can explain how to manage computer account.

 Simply, when you join a computer to the domain, you are able to login on the domain and use all the features and advantages dues to a centralized authentication and authorization system. But on ebox, there is no management interface section for domain users & computers, like "Users and computers" on m$ windows . Or, if exist, I still haven't found it.

 Please, anybody can explain to me how to manage computer accounts on Ebox ?


Best regards


PS : I apologize, I know this is very bad english, I hope you can understand what I'm searching for :-)

From: Camilo at: 2010-04-14 10:09:15

Hi guys, I have a little problem.... I erased domain admins and administrators groups and now I can't add computers to the domain. I created them again but it still won't work. Any idea?? Thank you a lot.

From: Josh at: 2010-06-24 20:09:57

I have the same question.  How are we to admin the users within the domain?

From: at: 2009-11-27 07:07:39

1) When Windows Server (2003 or 2008) is used as a PDC it isn't necessary to use an administrator account to add a PC to the domain. Can this be done with Linux+eBox?

2) Is there any way to have group policies for the domain just like when Windows Server is the PDC?



From: Don at: 2010-01-05 02:25:42


 in the screenshots of the ebox File Sharing Options, the domain name is set to ebox-server. In the Windows XP Compute Change Name dialog box, 'EBOX' is used for the domain.

 Shouldn't these be the same?

 Also, after joining the domain, the windows machine wants to reboot!?

From: Op3rat0r at: 2011-10-23 17:30:28


as you can read in the text, it says "We will use ebox as domain name". You are right that the picture is wrong. In the picture the domina name should also be ebox.

It is normal that when you join a computer to a domain, that the computer has to reboot. Their are several adjustments that will be done with the computer....

Sry for my bad english!


Greetings from germany



From: Anonymous at: 2009-12-03 15:25:26

I just wanted to thank you for your very informative tutorial. I have been looking for something like it for quite some time. I was wondering though what packages actually take care of the controller? OpenLDAP?

From: javivazquez at: 2009-12-05 16:09:33

Yes, it uses OpenLDAP.

You can check a full list of the software used by eBox in its trac:

From: at: 2009-12-10 02:30:51

Great Work, Jav.

Can't wait to try this out on a server I am building.


From: xrisse at: 2010-01-26 07:33:46

Great stuff - but what about windows 7 and joining ebox' domain? Can I manualy upgrade Samba? I've already backported Samba 3.3.4-2 on hardy (8.04). Any idears?

From: philmills at: 2010-01-26 07:37:45

There's a great thread here which also explains how to map different shares to different user groups using a little vbs. Script is provided, and its really easy to use. Awesome!

From: Op3rat0r at: 2011-10-23 17:37:25


yes you can join Win7 Clients to an eBox PDC.

Sometimes just check the Zentyal Community....


greetz from germany