Overview#To Join AD Domain (windows1.nwie###.net), type the following command as root on the member server:
net ads join -k createcomputer=Servers/UNIX -U unixadmin@NWIEPILOT.NETSince the machine windows1 was automatically found in the corresponding Kerberos realm, we know this if the kinit command succeeded, the net command connects to the Active Directory server using its required administrator account and password. The command creates the appropriate NIX Workstation account on the Active Directory and grants permissions to the NIX Workstation to Join AD Domain.
The "Servers/UNIX" represents the location to create the NIX Workstation account in AD and is relative to the domain name.
The above command assumes you used the krb5.conf file as shown. If you added a Realm, then the realm will be appended to the unixadmin@NWIEPILOT.NET string and you will receive a error similar to:
Failed to join domain: failed to connect to AD: Malformed representation of principal
Expect Some Errors#The above will always produce errors because the validation immediately happens on a different AD server than the create (replication latency). This is because we are using DNS to discover AD servers.
Also, DNS is not allowed to be updated by samba; however the NIX Workstation should should already be proper in DNS.
Test The Join AD Domain #Manually validate after allowing a few seconds to replicate:
net ads testjoin