Joining an Active Directory domain

To join an Active Directory domain with realmd you can use the realm command line tool:

$ realm join --verbose domain.example.com

Specifying the --verbose argument makes it easier to see what went wrong if the join fails.

Other tools that use realmd can also perform the join operation, for example GNOME Control Center.

The join operation does the following:

In addition, an Active Directory domain controller's host name or IP address may be specified to join via that domain controller directly.

After the join operation is complete, domain accounts should be usable locally, although logins using domain accounts are not necessarily enabled.

You can verify that domain accounts are working with a command like this:

$ getent passwd 'DOMAIN\Administrator'

The join operation will create or update a computer account in the domain. If you want this account created in a specific organizational unit, you can use the computer-ou setting. Additionally, you can override the default name for the computer account with the computer-name setting.

Specify the --user argument to choose a user name other than the default Administrator user.

You can use Kerberos credentials to perform the join. Use the kinit command to acquire credentials prior to starting the join. Do not specify the --user argument; the user will be selected automatically from the credential cache. The realm command respects the KRB5_CCACHE environment variable, but uses the default Kerberos credential cache if it's not present.
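
The Kerberos-based join described above, combined with the computer-ou placement and the getent check, as an added shell example that is not part of the realmd documentation. It assumes computer-ou is passed as the --computer-ou option of realm join; the REALM_CMD, KLIST_CMD and GETENT_CMD variables are hypothetical hooks, and the join user and OU shown are constructed.

```shell
#!/bin/sh
# Added example (not from the realmd documentation): join with Kerberos
# credentials, place the computer account in a chosen OU, verify lookups.
# REALM_CMD, KLIST_CMD and GETENT_CMD are hypothetical override hooks that
# default to the real tools; they exist so the flow can be dry-run tested.

join_domain() {
    # $1 = domain (or a domain controller host name / IP address)
    # $2 = domain account used to verify the join, e.g. 'DOMAIN\Administrator'
    # $3 = optional DN of the organizational unit for the computer account
    jd_domain=$1
    jd_account=$2
    jd_ou=${3:-}

    if [ -z "$jd_domain" ] || [ -z "$jd_account" ]; then
        printf 'usage: join_domain DOMAIN ACCOUNT [COMPUTER_OU]\n' >&2
        return 1
    fi

    # The join user comes from the credential cache, so --user is not passed.
    # klist -s prints nothing and fails if the cache is missing or expired.
    if ! "${KLIST_CMD:-klist}" -s; then
        printf 'no valid Kerberos ticket; run kinit first\n' >&2
        return 2
    fi

    # Build the argument list in "$@" so an OU containing spaces stays intact.
    set -- join --verbose
    if [ -n "$jd_ou" ]; then
        set -- "$@" "--computer-ou=$jd_ou"
    fi
    set -- "$@" "$jd_domain"

    if ! "${REALM_CMD:-realm}" "$@"; then
        printf 'realm join failed; see the --verbose output above\n' >&2
        return 3
    fi

    # A successful join does not prove accounts resolve; check explicitly.
    if ! "${GETENT_CMD:-getent}" passwd "$jd_account" >/dev/null; then
        printf 'joined, but %s does not resolve\n' "$jd_account" >&2
        return 4
    fi
}

# Usage (constructed names):
#   kinit joinuser@DOMAIN.EXAMPLE.COM
#   join_domain domain.example.com 'DOMAIN\Administrator' \
#       'OU=Linux Servers,DC=domain,DC=example,DC=com'
```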