Join AD Domain

Overview

To join the AD domain (windows1.nwie###.net), run the following command as root on the member server:
net ads join -k createcomputer=Servers/UNIX -U unixadmin@EXAMPLE.NET
Because the machine windows1 was found automatically in the corresponding Kerberos realm (a successful kinit confirms this), the net command connects to the Microsoft Active Directory server using its required administrator account and password. The command creates the appropriate NIX Workstation account in Microsoft Active Directory and grants the NIX Workstation permission to join the AD domain.

The "Servers/UNIX" value is the location in which the NIX Workstation account is created in Microsoft Active Directory; it is relative to the domain name.

The command above assumes you used the krb5.conf file as shown. If you added a realm, the realm will be appended to the unixadmin@NWIEPILOT.NET string and you will receive an error similar to:

 Failed to join domain: failed to connect to AD: Malformed representation of principal

Expect Some Errors

The join command above will always produce errors, because the validation happens immediately and on a different Microsoft Active Directory server than the one that performed the create (replication latency). Usually this is because we are using DNS to discover AD servers.

Also, Samba is not allowed to update DNS; however, the NIX Workstation should already be correct in DNS.

Test The Join AD Domain

After allowing a few seconds for replication, validate the join manually:
net ads testjoin
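
The join-then-validate procedure above can be scripted so that the replication delay is waited out with retries instead of a guessed pause. This is an added example, not part of the original page; the function names, retry count and delay are assumptions, and `klist -s` assumes the MIT Kerberos client tools.

```shell
#!/bin/sh
# Added example (not from the original page). Function names, retry count and
# delay are assumptions; `klist -s` assumes the MIT Kerberos client tools.

# verify_join [MAX_TRIES] [DELAY_SECONDS]
# Re-runs `net ads testjoin` until it succeeds or the attempts run out, so a
# failure caused only by replication latency is not mistaken for a bad join.
verify_join() {
    max_tries=${1:-6}
    delay=${2:-5}
    try=1
    while [ "$try" -le "$max_tries" ]; do
        if net ads testjoin >/dev/null 2>&1; then
            echo "join validated on attempt $try"
            return 0
        fi
        echo "testjoin failed ($try/$max_tries), waiting ${delay}s" >&2
        try=$((try + 1))
        if [ "$try" -le "$max_tries" ]; then sleep "$delay"; fi
    done
    return 1
}

# join_and_verify OU PRINCIPAL [MAX_TRIES] [DELAY_SECONDS]
# Returns 0 if the join validates, 1 if it never does, 2 if there is no ticket.
join_and_verify() {
    ou=$1
    principal=$2
    # -k authenticates with the Kerberos ticket obtained by kinit, so stop
    # early when the credential cache holds no valid ticket.
    if ! klist -s; then
        echo "no valid Kerberos ticket; run kinit first" >&2
        return 2
    fi
    # The join's own exit status is not trusted: the page notes it reports
    # errors when validation lands on an AD server that has not replicated yet.
    net ads join -k createcomputer="$ou" -U "$principal" ||
        echo "join reported errors; validating with testjoin" >&2
    verify_join "${3:-6}" "${4:-5}"
}

# Example invocation: sh join.sh Servers/UNIX unixadmin@EXAMPLE.NET
if [ "$#" -ge 2 ]; then
    join_and_verify "$@"
fi
```

A non-zero exit after all retries means the machine account still does not validate and the join should be investigated rather than retried blindly.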
