Join Active Directory Without Changing /etc/hosts

When you use the AD Bridge Enterprise domain join tool, AD Bridge Enterprise uses the host name of the computer to derive a fully qualified domain name (FQDN) and automatically sets the computer’s FQDN in the /etc/hosts file.

To join a Linux computer to the domain without changing the /etc/hosts file, run the following command as root. Replace:

  • domainName: the FQDN of the domain to join
  • joinAccount: the user account with privileges to join computers to the domain
/opt/pbis/bin/domainjoin-cli join --disable hostname   domainName joinAccount

Example:

/opt/pbis/bin/domainjoin-cli join --disable hostname example.com Administrator

After you join a domain for the first time, you must restart the computer before you can log on.

If the Computer Fails to Join the Domain

Make sure the computer's FQDN is correct in /etc/hosts. For the computer to process tickets in compliance with the Kerberos protocol and to function properly when it uses cached credentials in offline mode or when its DNS server is offline, there must be a correct FQDN in /etc/hosts.

For more information on GSS-API requirements, please see RFC 2743.

You can determine the FQDN of a computer running Linux or Unix by executing the following command:

ping -c 1 `hostname`

When you execute this command, the computer looks up the primary host entry for its hostname. In most cases, this means that it looks for its hostname in /etc/hosts, returning the first FQDN name on the same line. For example, the correct entry for the hostname qaserver, in /etc/hosts:

10.100.10.10 qaserver.corpqa.example.com qaserver.

If the entry in /etc/hosts incorrectly lists the hostname (or anything else) before the FQDN, the computer's FQDN becomes, using the malformed example below, qaserver:

10.100.10.10 qaserver qaserver.corpqa.example.com

If the host entry cannot be found in /etc/hosts, the computer looks for the results in DNS instead. This means that the computer must have a correct A record in DNS. If the DNS information is wrong and you cannot correct it, add an entry to /etc/hosts.