Virtual Private Cloud — New service for secure your business

Integrating a Linux Machine Into Windows Active Directory Domain

Aleksandr Komarov
August 21, 2020

This article will describe the process of adding a Linux machine (Ubuntu 20.04) into a Windows Active Directory Domain.

Step 1. Install packages and preparation.

Let’s update packages first.

sudo apt update
sudo apt upgrade

After that, install the required packages.

sudo apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit

Next, we will configure all of these tools to work with the domain. All we need to know is:

  • Domain name: office.local
  • DNS server IP:
  • Second DNS server IP:

Step 2. Configure DNS.

Look in netplan config file.

sudo nano /etc/netplan/*.yaml

If you see there ‘dhcp4: true’ and your DHCP server is configured in a right way, go to the next step.
If you configure the network connection parameters manually, here is an example for setting up static addresses:

addresses: [,]
- office.local
optional: true
version: 2

  • addresses — this ip address will be assigned to your network card;
  • gateway4 — ip address of your router;
  • nameservers — DNS servers;
  • search — target domain.

Apply changes.

sudo netplan apply

Step 3. Discover the domain, join it, and check the result.

First, discover the domain.

realm discover office.local

We’ll see something like this. This means that the network settings are correct and our machine received an answer from the domain. If not, you need to check your network settings, domain, and DNS health.

type: kerberos
realm-name: OFFICE.LOCAL
domain-name: office.local
configured: no

Next, join the AD domain. Replace ‘admin’ with the domain administrator’s username and enter the password for it if prompt.

realm join -U admin office.local
Password for admin:

Now let’s check if we can get information about the AD user. Replace ‘user’ with the name of the domain user account.

id user@office.local
uid=687821651(user@office.local) gid=687800512(user@office.local) groups=687800512(domain users@office.local)

Step 4. Last settings and logging in.

To avoid adding the domain name to the username every time, let’s configure this.

sudo nano /etc/sssd/sssd.conf

Change the ‘use_fully_qualified_names’ value to False. Restart and check:

sudo systemctl restart sssd
id user
uid=687821651(user@office.local) gid=687800512(user@office.local) groups=687800512(domain users@office.local)

Now we need to to set up a creation of Home Dirs for AD users when they log in.

sudo nano /etc/pam.d/common-session
#add this line in the end of file
session optional skel=/etc/skel umask=077

Let’s try to log in as an AD user.

su – user
Creating directory '/home/user@office.local'.

This means that you have successfully logged in as an AD user.

Additionally, you can allow authorization for some AD users or groups and restrict others. The example below is set to deny everyone and allow for user, user2, Domain Admins group.

sudo realm deny –all
sudo realm permit user@office.local user2@office.local
sudo realm permit -g 'Domain Admins'

Configuring AD users to get root privileges is the same as for local users, but in another file.

sudo nano /etc/sudoers.d/admins

Add the necessary lines to it. For example:

user ALL=(ALL) ALL
%Domain\ Admins ALL=(ALL) ALL

Start Your Cloud Journey Migration made simplified. Take the first step right now.
We use cookies to provide our services and for analytics and marketing. To find out more about our use of cookies, please see our Privacy Policy. By continuing to browse our website, you agree to our use of cookies.