
Manage computers

Using AD Bridge, you can manage the AD Bridge Cell settings for Unix and Linux computers in Active Directory Users and Computers.

Use AD Bridge with a single organizational unit

You can use AD Bridge if you have write privileges for only one OU. Your AD rights to create objects in the OU allow you to join Linux and Unix computers to the OU even though you do not have Active Directory Domain Administrator or Enterprise Administrator privileges.

Note: For more information, see Working with AD Bridge Cells.

There are additional limitations to this approach:

  • You must join the computer to a specific OU, and you must know the path to that OU.
  • You cannot use AD Bridge in Directory Integrated mode unless you have Enterprise Administrator privileges, which are required to upgrade the schema.

Join a Linux computer to an organizational unit

To join a computer to a domain, you need:

  • The user name and password of an account that has privileges to join computers to the OU
  • The full name of the domain that you want to join. The OU path is from the top OU down to the OU that you want.

As root, execute the following command, replacing organizationalUnitName with the path and name of the OU that you want to join, domainName with the FQDN of the domain, and joinAccount with the user name of an account that has privileges to join computers to the domain:

/opt/pbis/bin/domainjoin-cli join --ou organizationalUnitName domainName joinAccount

Example

/opt/pbis/bin/domainjoin-cli join --ou Engineering example.com Administrator

Example of how to join a nested OU:

domainjoin-cli join --ou topLevelOU/middleLevelOU/LowerLevelOU/TargetOU example.com Administrator

After you join a domain for the first time, you must restart the computer before you can log on.

Rename a joined computer in AD Bridge

To rename a joined computer, you must:

  • Leave the domain.
  • Rename the computer using the domain join command-line interface.
  • Rejoin the computer to the domain.

Important: Do not change the name of a Linux or Unix computer using the hostname command because some distributions do not permanently apply the changes.

Rename a computer using the command-line tool

The following procedure removes a Unix or Linux computer from the domain, renames the computer, and then rejoins it to the domain.

Note: Renaming a joined computer requires the user name and password of a user with privileges to join a computer to a domain.

  1. With root privileges, at the shell prompt of a Unix computer, execute the following command:

    /opt/pbis/bin/domainjoin-cli leave
    
  2. To rename the computer in /etc/hosts, execute the following command, replacing computerName with the new name of the computer:

    /opt/pbis/bin/domainjoin-cli setname computerName
    

    Example

    /opt/pbis/bin/domainjoin-cli setname RHEL44ID
    
  3. To rejoin the renamed computer to the domain, execute the following command at the shell prompt, replacing DomainName with the name of the domain that you want to join and UserName with the user name of a user who has privileges to join a domain:

    /opt/pbis/bin/domainjoin-cli join DomainName UserName
    

    Example

    /opt/pbis/bin/domainjoin-cli join example.com Administrator
    

    It may take a few moments before the computer is joined to the domain.

  4. After you change the hostname of a computer, you must also change the name in the AD Bridge local provider database so that the local AD Bridge accounts use the correct prefix. Execute the following command as root, replacing hostName with the name that you want:

    /opt/pbis/bin/lsa set-machine-name hostName
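
The rename procedure above as one script, added here as an example and not BeyondTrust's own code: it checks the new name and the arguments before the leave step and stops at the first command that fails. The function names, the DRY_RUN switch and the one-DNS-label name check are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not vendor code. valid_hostname, run, rename_joined_computer
# and DRY_RUN are names invented for this sketch.
PBIS_BIN=/opt/pbis/bin   # install path used in the commands on this page

# Accept one DNS label only (assumed policy): letters, digits, hyphens,
# 1-63 characters, no leading or trailing hyphen.
valid_hostname() {
  case $1 in
    ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Usage: rename_joined_computer NEW_NAME DOMAIN JOIN_ACCOUNT
rename_joined_computer() {
  # Check every input before 'leave': a failure after that step leaves
  # the host outside the domain.
  valid_hostname "$1" || { echo "invalid computer name: $1" >&2; return 2; }
  [ -n "$2" ] && [ -n "$3" ] || { echo "domain and account required" >&2; return 2; }
  if [ "${DRY_RUN:-0}" != 1 ] && [ "$(id -u)" -ne 0 ]; then
    echo "root privileges required" >&2; return 1
  fi
  run "$PBIS_BIN/domainjoin-cli" leave           || return 1
  run "$PBIS_BIN/domainjoin-cli" setname "$1"    || return 1
  run "$PBIS_BIN/domainjoin-cli" join "$2" "$3"  || return 1
  run "$PBIS_BIN/lsa" set-machine-name "$1"      || return 1
}

# With arguments, perform the rename; with none, only define the functions.
[ $# -eq 0 ] || rename_joined_computer "$@"
```

Setting DRY_RUN=1 prints the four commands in order without running them, which lets you review the plan before the computer leaves the domain.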
    

Remove a computer from a domain

You can remove a computer from a domain in the following ways:

  • Remove the computer account from ADUC.
  • Run the domain join tool on the Unix or Linux computer.

Note: For more information, see Domain Join tool commands for AD Bridge.


©2003-2025 BeyondTrust Corporation. All Rights Reserved.