https://youtu.be/-HMyEpDJeGg Configuring Ambari 2.4.2 and HDP 2.5 for Kerberos using AD as the KDC Add bonus coverage of adding a new datanode to a HDP cluster that is secured. There are empty OUs created in AD to store hadoop principals/hadoop nodes (HadoopServices) Hadoopadmin user has administrative credentials with delegated control of "Create, delete, and manage user accounts" on above OU Delegate OU permissions to hadoopadmin for OU=HadoopServices. In 'Active Directory Users and Computers' app: right click HadoopServices Delegate Control Next Add hadoopadmin checknames OK Select "Create, delete, and manage user accounts" OK KDC: KDC host: ad01.prod.hortonworks.net Realm name: PROD.HORTONWORKS.NET LDAP url: ldaps://ad01.prod.hortonworks.net Container DN: OU=HadoopServices,DC=prod,DC=hortonworks,DC=net Domains: prod.hortonworks.net Kadmin: Kadmin host: ad01.prod.hortonworks.net Admin principal: hadoopadmin@PROD.HORTONWORKS.NET Admin password: xxxxxx ... View more