I configured DNS on my Windows Server 2016 (takes some time, probably 15 minutes):
ipconfig /registerdns

So I was able to do
nslookup virtual.domain1
from another Windows machine.
And followed the steps described in this guide:
dsquery user -name administrator
"CN=Administrator,CN=Users,DC=virtual,DC=domain1"
dsadd user "CN=oracle02,CN=Users,DC=virtual,DC=domain1" -pwd ***
dsacls "CN=Users,DC=virtual,DC=domain1" /I:S /G "oracle02:RP;;user" "oracle02:WP;LockoutTime;user"
dsacls "CN=Users,DC=virtual,DC=domain1"
Owner: VIRTUALDOMAIN\Domain Admins
Group: VIRTUALDOMAIN\Domain Admins
...
Inherited to user
Allow VIRTUALDOMAIN\oracle02 SPECIAL ACCESS
                             READ PROPERTY
Allow VIRTUALDOMAIN\oracle02 SPECIAL ACCESS for lockoutTime
                             WRITE PROPERTY
The command completed successfully
dsquery group -name ora*
"CN=ORA_VFR_11G,CN=Users,DC=virtual,DC=domain1"
"CN=ORA_VFR_12C,CN=Users,DC=virtual,DC=domain1"
"CN=ORA_VFR_MD5,CN=Users,DC=virtual,DC=domain1"
get-ADUser oracle02 -Properties orclCommonAttribute
DistinguishedName   : CN=oracle02,CN=Users,DC=virtual,DC=domain1
Enabled             : True
GivenName           :
Name                : oracle02
ObjectClass         : user
ObjectGUID          : c95aa763-cc62-4c05-b38e-82444dc82105
orclCommonAttribute :
SamAccountName      : oracle02
SID                 : S-1-5-21-518566821-4215415469-1285754680-2606
Surname             :
UserPrincipalName   :
On the Linux machine where Oracle Database runs in a Docker container:
sudo docker exec -u 0 -it --workdir / oracle18se /bin/bash
and then in the container:
echo "172.28.46.146 server1" >> /etc/hosts
or alternatively on the Linux host:
sudo docker exec -it oracle18se /bin/bash
and then in the container:
su -
and enter the root user's password.
dsi.ora file:
DSI_DIRECTORY_SERVERS = (server1.virtual.domain1:389:636)
DSI_DEFAULT_ADMIN_CONTEXT = "DC=virtual,DC=domain1"
DSI_DIRECTORY_SERVER_TYPE = AD
using command line:
cd $ORACLE_BASE/admin/ORCLCDB
mkdir wallet
cd wallet
echo "DSI_DIRECTORY_SERVERS = (server1.virtual.domain1:389:636)" >> dsi.ora
echo "DSI_DEFAULT_ADMIN_CONTEXT = \"DC=virtual,DC=domain1\"" >> dsi.ora
echo "DSI_DIRECTORY_SERVER_TYPE = AD" >> dsi.ora
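An added example (not from the original post or from Oracle): a small shell check for the dsi.ora written above, confirming that each of the three parameters appears exactly once and has the expected shape. Because the echo lines append with >>, re-running them leaves duplicate entries, which this catches; check_dsi_ora is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: sanity-check a dsi.ora built with the three echo commands above.
# check_dsi_ora is a hypothetical helper name, not an Oracle utility.
# Exit status: 0 = looks sane, 1 = problems found, 2 = file unreadable.

check_dsi_ora() (
    file=$1
    rc=0
    [ -r "$file" ] || { echo "unreadable: $file"; exit 2; }

    for key in DSI_DIRECTORY_SERVERS DSI_DEFAULT_ADMIN_CONTEXT DSI_DIRECTORY_SERVER_TYPE; do
        # ">>" appends, so re-running the echo lines leaves duplicate entries.
        count=$(grep -Ec "^[[:space:]]*${key}[[:space:]]*=" "$file" || true)
        if [ "$count" -ne 1 ]; then
            echo "$key: expected exactly 1 entry, found $count"
            rc=1
            continue
        fi
        # Value = text after "=", with surrounding whitespace removed.
        value=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$file" |
                sed 's/[[:space:]]*$//')
        case $key in
            # (host:port:sslport), the form used in this post
            DSI_DIRECTORY_SERVERS)     re='^\([A-Za-z0-9.-]+:[0-9]+:[0-9]+\)$' ;;
            # Double-quoted DN made of DC= components
            DSI_DEFAULT_ADMIN_CONTEXT) re='^"[Dd][Cc]=[^,"]+(,[Dd][Cc]=[^,"]+)*"$' ;;
            # This post targets Active Directory
            DSI_DIRECTORY_SERVER_TYPE) re='^AD$' ;;
        esac
        printf '%s\n' "$value" | grep -Eq "$re" ||
            { echo "$key: unexpected value: $value"; rc=1; }
    done
    exit "$rc"
)
```

In the container it would be called as check_dsi_ora "$ORACLE_BASE/admin/ORCLCDB/wallet/dsi.ora" before restarting the database.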
Generating the certificate:

To determine the host address from inside the Docker container, I used
/sbin/ip route|awk '/default/ { print $3 }'
Uploading from a Windows machine to the Ubuntu host:
pscp AD_CA_Root_cert.txt guber@tor:/home/guber/temp
Copying from the Ubuntu host to the Oracle Linux container:
scp guber@172.17.0.1:/home/guber/temp/AD_CA_Root_cert.txt .
After I copied the certificate to the container, I created the Oracle Wallet:
orapki wallet create -wallet /opt/oracle/admin/ORCLCDB/wallet -auto_login
The following files were created:
cwallet.sso cwallet.sso.lck ewallet.p12 ewallet.p12.lck
Did Step 7 from the guide:
ALTER SYSTEM SET LDAP_DIRECTORY_ACCESS = 'PASSWORD' SCOPE=SPFILE;
ALTER SYSTEM SET LDAP_DIRECTORY_SYSAUTH = YES SCOPE=SPFILE;
SHUTDOWN IMMEDIATE
STARTUP
SHOW PARAMETER LDAP
Configured the container’s DNS:
echo "nameserver 172.28.46.146" > /etc/resolv.conf
echo "nameserver 172.28.0.1" >> /etc/resolv.conf
echo "nameserver 10.0.0.15" >> /etc/resolv.conf
nslookup virtual.domain1
Server: 172.28.46.146
Address: 172.28.46.146#53
Name: virtual.domain1
Address: 172.28.46.146
Name: virtual.domain1
Address: 192.168.137.192
Name: virtual.domain1
Address: fdae:1665:8a78::6dc
Did Step 8 from the guide:
In Windows Command Prompt:
dsadd user "cn=test3,cn=Users,dc=virtual,dc=domain1" -pwd Password333 -memberof "cn=ORA_VFR_12C,cn=Users,dc=virtual,dc=domain1"
dsmod user "cn=test3,cn=Users,dc=virtual,dc=domain1" -pwd Password3
powershell get-ADUser test4 -Properties orclCommonAttribute
The user becomes a member of ORA_VFR_12C:

while the ORA_VFR_11G and ORA_VFR_MD5 groups remain empty. The dsmod command also sets the orclCommonAttribute attribute:
DistinguishedName   : CN=test4,CN=Users,DC=virtual,DC=domain1
Enabled             : True
GivenName           :
Name                : test4
ObjectClass         : user
ObjectGUID          : cb89cf79-12e9-471a-ae68-39a5f42092c5
orclCommonAttribute : {MR-SHA512}cGRwIT/MiI6VhTAPxzcJ4gLF7eac2qKzYOEAeFrAZUZ7nQTPYd5yDU801F6/fhzZ9GDibWtEMmrds4VcvsGRXL
                      P7ZLtYutPF1zE6wXWyR9Q=
SamAccountName      : test4
SID                 : S-1-5-21-518566821-4215415469-1285754680-2618
Surname             :
UserPrincipalName   :
Then in the Docker container:
export ORACLE_SID=ORCLCDB
cd $ORACLE_HOME/bin
./sqlplus sys as sysdba
alter session set "_ORACLE_SCRIPT"=true;
create user test3 identified globally as 'cn=test3,cn=Users,dc=virtual,dc=domain1';
grant create session to test3;
Now I am able to connect with SQL Developer using the SID, but not the Service Name:

To query the ‘test3’ user from the DBA_USERS table, we should connect as SYSDBA with the SID:

select * from dba_users where username like '%TEST%';
The ‘test3’ user has AUTHENTICATION_TYPE='GLOBAL' and EXTERNAL_NAME='cn=test3,cn=Users,dc=virtual,dc=domain1', while regular users have AUTHENTICATION_TYPE='PASSWORD'.
