This topic shows you how to join a Linux VM to a Managed Microsoft AD domain by using the System Security Services Daemon (SSSD) with the following Linux distributions:
- Ubuntu 16.04 LTS
- Red Hat Enterprise Linux (RHEL) 8.2 (Ootpa)
Managed Microsoft AD interoperability works for many Linux distributions and other connectivity tools. Learn about these open source connectivity tools.
Before you begin
Before you begin, be sure you have completed the following tasks:
Create an Active Directory domain as explained in Quickstart: Creating a domain.
Create a Linux VM. For step 4, on the Public images tab, select the appropriate distribution, Ubuntu 16.04 LTS or Red Hat Enterprise Linux 8.
- Create the VM in the project that hosts your Managed Microsoft AD domain. (If there is a Shared VPC that is an authorized network, you can also create the VM in any of its service projects.)
- Create the VM on a VPC network that is peered with the Managed Microsoft AD domain.
realmdon the VM. Learn about
realmdrun the following commands:
Ubuntu 16.04 LTS
apt-get update apt-get install realmd sssd packagekit
RHEL 8.2 (Ootpa)
sudo yum install realmd oddjob oddjob-mkhomedir sssd adcli
Joining a Linux VM to a domain
To join a Linux VM to a domain, complete the following steps. Both Ubuntu 16.04
LTS and RHEL 8.2 use
Run the following command:
realm join domain-name -U 'username@domain-name'
For verbose output, add the
-vflag to the end of the command.
At the prompt, enter the password for username@domain-name.
You should receive a message indicating a successful domain-join.
Specifying account location with
By default, the
realm join command creates a machine account that is located at:
To specify where to create the account, use the
--computer-ou flag to
provide the path for the
realm join command.
The username@domain-name account must have the permissions
that are required to create accounts in the specified OU. By default, members of
Cloud Service Domain Join Accounts group have this permission. Learn about
the groups that Managed Microsoft AD creates for you.
realm join domain-name --computer-ou="OU=org-unit,DC=machine,DC=mid-level,DC=extension" -U 'username@domain-name'
Removing a Linux VM from a domain
To remove a Linux VM from the domain-name domain, run the following
command. Both Ubuntu 16.04 LTS and RHEL 8.2 use
realm leave domain-name -U 'username@domain-name'