Join an Active Directory Domain
You can join computers to Active Directory in either of the following ways:
- The command-line utility.
- The GUI-based domain join tool.
For more information about the Domain Join tool CLI commands, please see the AD Bridge Linux Administration Guide.
When AD Bridge Enterprise joins a computer to an Active Directory domain, it uses the hostname of the computer to create the name of the computer object in Active Directory. From the hostname, the AD Bridge Enterprise domain join tool attempts to derive a fully qualified domain name. By default, the AD Bridge Enterprise domain join tool creates the Linux and Unix computer accounts in the default Computers container in Active Directory.
After you join a domain for the first time, you must restart the computer before you can log on. If you cannot restart the computer, you must restart each service or daemon that looks up users or groups through the standard nsswitch interface, which includes most services that authenticate users, groups, or computers. You must, for instance, restart the services that use Kerberos, such as sshd.
Pre-Create Accounts in Active Directory
You can create computer accounts in Active Directory before you join your computers to the domain. When you join a computer to a domain, AD Bridge Enterprise associates the computer with the pre-existing computer account when AD Bridge Enterprise can find it.
To locate the computer account, AD Bridge Enterprise first looks for a computer account with a DNS hostname that matches the hostname of the computer. If the DNS hostname is not set, AD Bridge Enterprise then looks for a computer account whose name matches the computer's hostname, but only when the computer's hostname is 15 characters or fewer.
Therefore, when the hostname of your computer is more than 15 characters, set the DNS hostname for the computer account to ensure that the correct computer account is found. If no match is found, AD Bridge Enterprise creates a computer account.
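The lookup order above can be checked against a list of pre-created accounts before any host is joined. The following script is an added example, not AD Bridge code: the `name|dNSHostName` input format, the function names `predict_match` and `audit`, the case-insensitive comparison, and the sample hosts and accounts are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): models the account lookup order described
# above. Assumed input: one account per line as "name|dNSHostName", with
# dNSHostName empty when not set. Case-insensitive comparison is an assumption.

# predict_match FQDN ACCOUNTS -> "dns:<name>", "name:<name>" or "create"
predict_match() {
    fqdn=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    short=${fqdn%%.*}
    printf '%s\n' "$2" | awk -F'|' -v fqdn="$fqdn" -v short="$short" '
        # Lookup 1: first account whose DNS hostname equals the host FQDN.
        dns == "" && $2 != "" && tolower($2) == fqdn { dns = $1 }
        # Lookup 2 candidate: no DNS hostname set, name equals the hostname.
        byname == "" && $2 == "" && tolower($1) == short { byname = $1 }
        END {
            if (dns != "")
                print "dns:" dns
            else if (length(short) <= 15 && byname != "")
                print "name:" byname      # only tried for hostnames <= 15 chars
            else
                print "create"            # join would create a new account
        }'
}

# audit HOSTS ACCOUNTS -> one "<fqdn> <result>" line per host
audit() {
    printf '%s\n' "$1" | while IFS= read -r host; do
        if [ -n "$host" ]; then
            printf '%s %s\n' "$host" "$(predict_match "$host" "$2")"
        fi
    done
}

# Constructed sample data: three pre-created accounts, one with dNSHostName set.
ACCOUNTS='web01|
db-primary-eu-west-01|db-primary-eu-west-01.corp.example.com
app-server-staging-02|'
HOSTS='web01.corp.example.com
db-primary-eu-west-01.corp.example.com
app-server-staging-02.corp.example.com'

audit "$HOSTS" "$ACCOUNTS"
```

A `create` result for a host that has a pre-created account, as with `app-server-staging-02` here, means the join would not be associated with that account; set the DNS hostname on the account before joining.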