Manage AD Bridge Hosts

To access the hosts, a valid SSH credential with administrative rights on the host is required.

Install and Upgrade AD Bridge

To install or upgrade AD Bridge hosts:

  1. Go to the Hosts > Host Inventory page.
  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.
  3. On the Primary Action page, select Active Directory Bridge.
  4. On the Secondary Action page, select one of the following:
    • Install: Install AD Bridge software.
    • Upgrade: Upgrade AD Bridge software to the version loaded in the console. If you select Upgrade, you can skip to step 6.
  5. If you select Install, you can configure the Active Directory information on the Action Requirements page. By default, the Use Domain Browser toggle is turned on. To manually enter the information, click the toggle to turn it off.
    • Perform optional Domain join: Select to join the Active Directory host to the domain. The join action occurs after the AD Bridge software installation completes. The toggle is turned on by default. Click the toggle if you do not want to join the host to the domain at this time.
    • Forest: Select the forest from the list. The forest listed here is the directory service connection already configured from the Settings > Directory Services menu.
    • Domain: Select a domain from the list.
    • OU: Click Browse to search for the OU.
    • AD Credential: Select the credential you want to use to access Active Directory. This credential is added when you create the directory services connection.
    • Additional Arguments: Add domain-join cli arguments.
  6. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.
  7. Review the Summary page, and then click Finish.
  8. Review the Task page and verify the completed status of attempted actions under Task Summary.
  9. To view more information about Task Status, click Task Details.

Join the Host to an Active Directory Domain

To join selected AD Bridge hosts to a domain:

  1. Go to the Hosts > Host Inventory page.
  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.
  3. On the Primary Action page, select Active Directory Bridge.
  4. On the Secondary Action page, select Domain join.
  5. On the Action Requirements page, select the Active Directory information. By default, the Use Domain Browser toggle is turned on. To manually enter the information, click the toggle to turn it off.
    • Forest: Select the forest from the list. The forest listed here is the directory service connection already configured from the Settings > Directory Services menu.
    • Domain: Select a domain from the list.
    • OU: Click Browse to search for the OU.
    • AD Credential: Select the credential you want to use to access Active Directory. This credential is added when you create the directory services connection.
    • Additional Arguments: Add domain-join cli arguments.
  6. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.
  7. Review the Summary page, and then click Finish.
  8. Review the Task page and verify the completed status of attempted actions under Task Summary.
  9. To view more information about Task Status, click Task Details.

For more information, see Domain Join Tool Commands.

Remove the Host from an Active Directory Domain

You can remove an Active Directory host from a domain.

To remove a joined domain:

  1. Go to the Hosts > Host Inventory page.
  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.
  3. On the Primary Action page, select Active Directory Bridge.
  4. On the Secondary Action page, select Domain Leave.
  5. On the Action Requirements page, check the box Delete Computer account in Active Directory, and then select an Active Directory credential from the list.
  6. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.
  7. Review the Summary page, and then click Finish.

Join the Host to an Azure Tenant Application

To join selected AD Bridge hosts to an Azure application, an application must have already been appropriately configured in Azure.

To join selected AD Bridge hosts to an Azure application:

  1. Go to the Hosts > Host Inventory page.
  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.
  3. On the Primary Action page, select Active Directory Bridge.
  4. On the Secondary Action page, select Tenant Join.
  5. On the Action Requirements page, enter the Azure application information. As noted above, an Azure application must already have been configured.
    • Tenant ID: The tenant ID from the Azure application configuration.
    • Application ID: The application ID from the Azure application configuration.
    • Secret: An application secret value from Azure. This value must have been created in the Azure application (see link below).
    • License Key: An AD Bridge license key to license the endpoint at the same time as joining the Azure tenant.
  6. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.
  7. Select Run Now.
  8. Review the Summary page, and then click Finish.
  9. Review the Task page and verify the completed status of attempted actions under Task Summary.
  10. To view more information about Task Status, click Task Details.

To reduce the data entry required at Step 5 above, it is possible to create a Join template under Settings > Software > AD Bridge > (ellipsis menu at right) > Manage Join Templates. Here you can save the tenant ID, application ID, and license key as a template, and then, at step 5 above, select that template to populate those fields when joining a specific host to the tenant. Note that you will still need to provide an application secret. For more information, see AD Bridge Join Templates.

For more information on joining an Azure Tenant, see Join an Azure AD Tenant.

Remove the Host from an Azure Tenant Application

To remove a host from an Azure application:

  1. Go to the Hosts > Host Inventory page.
  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.
  3. On the Primary Action page, select Active Directory Bridge.
  4. On the Secondary Action page, select Tenant Leave.
  5. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.
  6. Select Run Now.
  7. Review the Summary page, and then click Finish.

Update the Azure Application Secret for a Host

The Azure application secret has a configurable expiration date. When BeyondInsight for Unix & Linux identifies that a host is using an Azure application secret that will expire soon, a notification is generated. The notification details provide some guidance on updating the application secret.

Figure: Secret ending notification and Update Secret button.

To update the application secret used by a host to connect to an Azure application, a secret must have already been configured in Azure.

If you view an Azure Secret Key Expiring Soon notification, you can update the secret from the Notification Details panel by clicking the Update Secret button. Alternatively, follow the procedure below to perform the update.

To update the application secret:

  1. Go to the Hosts > Host Inventory page.
  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.
  3. On the Primary Action page, select Active Directory Bridge.
  4. On the Secondary Action page, select Tenant Secret.
  5. On the Action Requirements page, enter the new Azure application secret value. As noted above, an Azure application must already have been configured.
  6. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.
  7. Select Run Now.
  8. Review the Summary page, and then click Finish.
  9. Review the Task page and verify the completed status of attempted actions under Task Summary.
  10. To view more information about Task Status, click Task Details.

For more information on joining an Azure Tenant, see Join an Azure AD Tenant.
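
The expiry condition behind the notification can also be checked on the Azure side before a host loses access. The following is an added example, not BeyondTrust code or part of the original documentation: it classifies an application's secrets by remaining lifetime, assuming they were exported as a Microsoft Graph passwordCredentials JSON array (for example from az ad app credential list). The sample data, the 30-day window and the function names are assumptions made for this illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Microsoft Graph passwordCredentials array.
# Every keyId, name and date below is made up for this example.
SAMPLE = json.loads("""[
  {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "join-2023",
   "endDateTime": "2024-01-01T00:00:00Z"},
  {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "join-2024a",
   "endDateTime": "2024-01-25T12:00:00.1234567Z"},
  {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": "join-2024b",
   "endDateTime": "2025-01-10T00:00:00Z"}
]""")
REFERENCE_NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)  # constructed "today"


def parse_graph_time(value):
    """Parse a UTC timestamp ending in Z; Graph may emit 7 fractional digits."""
    text = value.rstrip("Z")
    if "." in text:
        head, frac = text.split(".", 1)
        # Normalise to exactly 6 fractional digits so older Pythons accept it.
        text = f"{head}.{frac[:6].ljust(6, '0')}"
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


def classify_secrets(credentials, now, warn_days=30):
    """Return (status, days_left, keyId, displayName) tuples, soonest expiry first."""
    rows = []
    for cred in credentials:
        remaining = parse_graph_time(cred["endDateTime"]) - now
        if remaining <= timedelta(0):
            status = "expired"
        elif remaining <= timedelta(days=warn_days):
            status = "expiring"  # rotate via the Tenant Secret action
        else:
            status = "ok"
        rows.append((status, remaining.days, cred["keyId"], cred.get("displayName") or ""))
    return sorted(rows, key=lambda row: row[1])


if __name__ == "__main__":
    # Replace REFERENCE_NOW with datetime.now(timezone.utc) for real data.
    for status, days, key_id, name in classify_secrets(SAMPLE, REFERENCE_NOW):
        print(f"{status:9} {days:5}d  {key_id}  {name}")
```

The secret values themselves never appear in this listing; only key IDs and expiry dates are needed to decide which hosts require the Tenant Secret action.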

Uninstall AD Bridge

When you uninstall AD Bridge, you can also choose to leave the domain and delete the Active Directory account.

  1. Go to the Hosts > Host Inventory page.
  2. Select a host, and then at the far right, click the ellipsis menu icon and select Perform Host Actions.
  3. On the Primary Action page, select Active Directory Bridge.
  4. Select Uninstall.
  5. On the Action Requirements page, select one of the following:
    • Uninstall: Uninstall AD Bridge software from the host.
    • Leave and Uninstall: Remove the host from the domain and uninstall AD Bridge software.
    • Leave Domain, Delete Account, and Uninstall: Remove the host from the domain, delete the Active Directory account in Active Directory, and remove the AD Bridge software.
    • AD Credential: The credential to use to access Active Directory. The setting is required when you select Leave Domain, Delete Account, and Uninstall. This credential is added when you create the directory services connection.
  6. On the Credential Selection page, select a logon credential to access the remote system. If you cannot log on as root, then select one of the following to run the action with escalated privileges: pbrun, sudo, or sudo su. This might require choosing a second credential.
  7. Review the Summary page, and then click Finish.