Use AD Bridge with a Single Organizational Unit

You can use AD Bridge if you have write privileges for only one OU. Your AD rights to create objects in the OU allow you to join Linux and Unix computers to the OU even though you do not have Active Directory Domain Administrator or Enterprise Administrator privileges.

For more information, see Assign Permissions to Manage AD Bridge Cells.

There are additional limitations to this approach:

  • You must join the computer to a specific OU, and you must know the path to that OU.
  • You cannot use AD Bridge in Directory Integrated mode unless you have Enterprise Administrator privileges, which are required to upgrade the schema.

Join a Linux Computer to an Organizational Unit

To join a computer to a domain, you need:

  • The user name and password of an account that has privileges to join computers to the OU
  • The full name of the domain that you want to join. The OU path is written from the top OU down to the OU that you want.

As root, execute the following command, replacing organizationalUnitName with the path and name of the OU that you want to join, domainName with the FQDN of the domain, and joinAccount with the user name of an account that has privileges to join computers to the domain:

/opt/pbis/bin/domainjoin-cli join --ou organizationalUnitName domainName joinAccount

Example:

/opt/pbis/bin/domainjoin-cli join --ou Engineering example.com Administrator

Example of how to join a nested OU:

/opt/pbis/bin/domainjoin-cli join --ou topLevelOU/middleLevelOU/LowerLevelOU/TargetOU example.com Administrator

After you join a domain for the first time, you must restart the computer before you can log on.
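
The OU path for --ou runs top-down, while the distinguished name that Active Directory tools show for an OU lists the target OU first. The following added example (not part of the AD Bridge documentation or product) converts such a DN into the --ou path and domain FQDN and prints the resulting join command without running it. The function names dn_field and print_join_command are hypothetical, and DNs with escaped characters are rejected rather than parsed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of AD Bridge.
# An AD distinguished name lists the target OU first and the domain last:
#   OU=TargetOU,OU=LowerLevelOU,OU=middleLevelOU,OU=topLevelOU,DC=example,DC=com
# domainjoin-cli --ou wants the reverse: top OU first, separated by "/".

# dn_field DN ou|domain : print the --ou path or the domain FQDN of DN.
# The body is a subshell, so the IFS and globbing changes stay local.
dn_field() (
    dn=$1 want=$2 ou_path= domain=
    case $dn in
        *\\*) echo "escaped characters in the DN are not handled" >&2; exit 1 ;;
    esac
    IFS=,
    set -f
    for rdn in $dn; do
        while [ "${rdn# }" != "$rdn" ]; do rdn=${rdn# }; done  # trim leading blanks
        value=${rdn#*=}
        [ -n "$value" ] || { echo "empty component in: $dn" >&2; exit 1; }
        case $rdn in
            [Oo][Uu]=*)
                [ -z "$domain" ] || { echo "OU after DC in: $dn" >&2; exit 1; }
                ou_path=$value${ou_path:+/$ou_path} ;;   # prepend: reverses the order
            [Dd][Cc]=*)
                domain=${domain:+$domain.}$value ;;      # append: keeps the order
            *)  # for example CN=Computers is a container, not an OU
                echo "not an OU or DC component: $rdn" >&2; exit 1 ;;
        esac
    done
    [ -n "$ou_path" ] && [ -n "$domain" ] || { echo "need OU and DC parts" >&2; exit 1; }
    case $want in
        ou) printf '%s\n' "$ou_path" ;;
        domain) printf '%s\n' "$domain" ;;
        *) echo "usage: dn_field DN ou|domain" >&2; exit 2 ;;
    esac
)

# print_join_command DN ACCOUNT : show the command; it is not executed here.
print_join_command() {
    ou=$(dn_field "$1" ou) || return 1
    fqdn=$(dn_field "$1" domain) || return 1
    printf '/opt/pbis/bin/domainjoin-cli join --ou "%s" %s %s\n' "$ou" "$fqdn" "$2"
}

# Constructed sample DN matching the nested-OU example on this page.
print_join_command \
    "OU=TargetOU,OU=LowerLevelOU,OU=middleLevelOU,OU=topLevelOU,DC=example,DC=com" \
    Administrator
```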