Poster of Linux kernelThe best gift for a Linux geek
DOMAINJOIN-CLI

DOMAINJOIN-CLI

Section: (8) Updated: 03/14/2008
Local index Up
 

NAME

domainjoin-cli - Join a host to an Active Directory domain  

SYNOPSIS

domainjoin-cli [options] join [--ou organizational_unit]
[--enable module...] [--disable module...]
[--preview] [--advanced] [--details module]
domain username [password]
domainjoin-cli [options] leave
[--enable module...] [--disable module...]
[--preview] [--advanced] [--details module]
[username [password]]
domainjoin-cli [options] query
domainjoin-cli [options] fixfqdn
domainjoin-cli [options] setname name
 

DESCRIPTION

domainjoin-cli

is the command-line version of the Likewise AD domain join tool. In a basic invocation, domainjoin-cli will join the current machine into an AD domain, enable authentication of AD users, and enable group policy if it is available.

For systems with sensitive configurations, domainjoin-cli offers fine-grained control over modifications to system configuration files that are typically required during a join, such as editing /etc/nsswitch.conf or the system PAM setup.  

USAGE

 

Commands

domainjoin-cli supports the following major modes of operation:

join

Joins the machine to the AD domain domain and configures AD authentication and group policy (where applicable). This operation requires valid AD credentials for domain to be specified as username and password. If password is not specified on the command line, domainjoin-cli will prompt you for it.

domainjoin-cli supports joining the machine to a specific OU (Organizational Unit) with --ou organizational_unit.

leave

Leaves the currently-joined AD domain and deconfigures AD authentication and group policy (where applicable).

In order to actually disable the machine account in AD, either administrative credentials for domain or the same credentials originally used to join the machine must be specified as username and password. If password is not specified on the command line, domainjoin-cli will prompt you for it.

If no credentials are specified, the machine will no longer behave as a member of domain but its machine account will remain enabled in AD.

query

Displays information about the currently-joined AD domain and OU.

fixfqdn

Makes local configuration modifications necessary to ensure that the fully-qualified domain name of the machine is forward- and backward-resolvable. This can work around domain join issues on networks with sub-optimal DNS setups.

setname

Changes the hostname of this machine to name. As it is necessary to have a unique, non-generic name before joining AD, this operation is provided as a convenient way to quickly rename this computer before performing a join.
 

Common options

--log filename

Log details about the operation to file. If file is ".", logging is directed to the console.

--loglevel <error | warning | info | verbose >

Specifies the level of logging information which should be written to the log file.

--help

Displays brief usage and help information. No operation is performed.
 

Join and leave options

--ou organizational_unit

Joins the machine to the OU organizational_unit instead of the default "Computers" OU. The OU to which a machine is joined determines which users will be able to authenticate against the machine and which group policies will be applied. This option has no effect when leaving a domain.

--enable module

Explicitly enables the configuration module module during the join or leave operation.

--disable module

Explicitly disables the configuration module module during the join or leave operation.

Note that some modules are necessary for the proper operation of Likewise while joined to AD. If you attempt to disable such a module, domainjoin-cli will refuse to proceed with a join operation.

For some modules, it is possible to make the relevant configuration changes by hand; domainjoin-cli will inform you of the necessary changes and will proceed with the module disabled if it detects that the changes have been made.

--details module

Provide details about module module and what specific configuration changes it would perform during a join or leave operation. No actual operation is performed.

--preview

Provide a summary of what configuration modules would be run during a join or leave operation. No actual operation is performed.

--advanced

Turns on debugging information during leave and join operations and provides more verbose output when using --preview. This is generally only helpful when diagnosing unusual system or network configuration issues.
 

EXAMPLES

Example invocations of domainjoin-cli and their effects follow:

$ domainjoin-cli join sales.my-company.com Administrator@sales rosebud

Joins the AD domain sales.my-company.com using Administrator as the username and rosebud as the password. This is the typical join scenario.

$ domainjoin-cli --log . leave

Leaves the current AD domain without attempting to disable the machine account as no user credentials were specified. Information about the process will be logged to the console at the default logging level.

$ domainjoin-cli join --disable nsswitch sales.my-company.com Administrator@sales

Joins the AD domain sales.my-company.com using Administrator as the username and prompting for the password. If possible, nsswitch configuration will not be modified.

$ domainjoin-cli join --preview sales.my-company.com Administrator@sales rosebud

Show what configuration modules would be run when joining the AD domain sales.my-company.com.

$ domainjoin-cli join --details pam sales.my-company.com Administrator@sales rosebud

Show what changes would be made to the system by the pam module when joining the AD domain sales.my-company.com.  

VERSION

This man page has not been edited in some time.


 

Index

NAME
SYNOPSIS
DESCRIPTION
USAGE
Commands
Common options
Join and leave options
EXAMPLES
VERSION

This document was created by man2html, using the manual pages.
Time: 22:01:32 GMT, April 16, 2011