Join an Active Directory Domain

You can join computers to Active Directory using the command line utility (CLI).

For more information about the Domain Join tool CLI commands, see the AD Bridge Linux Administration Guide.

Overview

When AD Bridge joins a computer to an Active Directory domain, it uses the hostname of the computer to create the name of the computer object in Active Directory. From the hostname, the AD Bridge domain join tool attempts to derive a fully qualified domain name. By default, the AD Bridge domain join tool creates the Linux and Unix computer accounts in the default Computers container in Active Directory.

After you join a domain for the first time, you must restart the computer before you can log on. If you cannot restart the computer, you must restart each service or daemon that looks up users or groups through the standard nsswitch interface, which includes most services that authenticate users, groups, or computers. You must, for instance, restart the services that use Kerberos, such as sshd.

Pre-Create Accounts in Active Directory

You can create computer accounts in Active Directory before you join your computers to the domain. When you join a computer to a domain, AD Bridge associates the computer with the pre-existing computer account when AD Bridge can find it.

To locate the computer account, AD Bridge first looks for a computer account with a DNS hostname that matches the hostname of the computer. If the DNS hostname is not set, AD Bridge then looks for the name of a computer account that matches the computer's hostname, but only when the computer's hostname is 15 characters or fewer.

Therefore, when the hostname of your computer is more than 15 characters, set the DNS hostname for the computer account to ensure that the correct computer account is found. If no match is found, AD Bridge creates a computer account.
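
The lookup order described above can be checked against an inventory before joining. The following Python sketch is an added example, not AD Bridge code: it models the name lookup as a fallback used when no DNS hostname match is found, and the ComputerAccount type, the function names, the example.com hosts, and the OU paths are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

NAME_MATCH_LIMIT = 15  # name matching applies only up to this hostname length


@dataclass
class ComputerAccount:
    name: str                    # computer account name
    dns_hostname: Optional[str]  # DNS hostname on the account, None if not set
    container: str               # where the account was pre-created (constructed)


def locate_account(fqdn: str, accounts: List[ComputerAccount]) -> Tuple[Optional[ComputerAccount], str]:
    """Model the lookup order described above for one joining computer."""
    fqdn = fqdn.rstrip(".").lower()
    short = fqdn.split(".", 1)[0]
    # 1. An account whose DNS hostname matches the computer's hostname.
    for acct in accounts:
        if acct.dns_hostname and acct.dns_hostname.rstrip(".").lower() == fqdn:
            return acct, "dns-hostname"
    # 2. An account whose name matches, only for hostnames of 15 characters or fewer.
    if len(short) <= NAME_MATCH_LIMIT:
        for acct in accounts:
            if acct.name.lower() == short:
                return acct, "name"
    # 3. No match: the join creates a new computer account.
    return None, "new-account"


def preflight(hosts: List[str], accounts: List[ComputerAccount]) -> Dict[str, str]:
    """Map each host to how its account would be found, for review before joining."""
    return {h: locate_account(h, accounts)[1] for h in hosts}


# Constructed sample data: three pre-created accounts and the hosts to be joined.
PRESTAGED = [
    ComputerAccount("WEB01", None, "OU=Linux,DC=example,DC=com"),
    ComputerAccount("DB-PRIMARY-EAST-01", "db-primary-east-01.example.com", "OU=Linux,DC=example,DC=com"),
    ComputerAccount("BUILD-AGENT-LINUX-0042", None, "OU=Linux,DC=example,DC=com"),
]
HOSTS = ["web01.example.com", "db-primary-east-01.example.com", "build-agent-linux-0042.example.com"]

if __name__ == "__main__":
    for host, outcome in preflight(HOSTS, PRESTAGED).items():
        note = "  <-- set the DNS hostname on the pre-created account" if outcome == "new-account" else ""
        print(f"{host:40} {outcome}{note}")
```

In the sample data the third host has a 22-character hostname and its pre-created account has no DNS hostname, so the model reports that a new account would be created instead of the pre-created one being reused.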