Bash script to join a Linux server to an Active Directory domain

Joining a Linux server to an Active Directory (AD) domain is a non-trivial task and requires a series of steps, which might vary based on the Linux distribution and the version of AD. In most common scenarios, you can use tools like realmd or sssd to facilitate the join.

Below, you’ll find a basic script that uses realmd to join an Active Directory domain. This script assumes that you have the necessary packages and that your system is configured to resolve the AD DNS correctly.

IMPORTANT: Please consult your organization’s guidelines and documentation, and work with your system administrator, to ensure that you’re following the correct procedure for your specific environment. Also, ensure that you have all necessary permissions and that you understand the impact of these commands before executing them.

#!/bin/bash
# Stop on the first failing command, on use of an unset variable, and on failures inside pipelines
set -euo pipefail

# Check if the script is run as root
if [ "$EUID" -ne 0 ]; then
  echo "Please run this script as root or with sudo"
  exit 1
fi

# Parameters - these should be customized for your environment (the values below are placeholders).
# AD_USER is used instead of USER so the login shell's own $USER variable is not clobbered.
DOMAIN="${DOMAIN:-example.com}"
AD_USER="${AD_USER:-Administrator}"

# Prompt for the join password at runtime unless it was supplied in the environment,
# so it never has to be stored in the script
if [ -z "${PASSWORD:-}" ]; then
  read -rsp "Password for ${AD_USER}@${DOMAIN}: " PASSWORD
  echo
fi

# Install required packages
echo "Installing required packages..."
apt-get update
apt-get install -y realmd sssd sssd-tools adcli samba-common-bin

# Discover the realm (a failure here aborts the script before any join is attempted)
echo "Discovering the realm..."
realm discover "$DOMAIN"

# Join the domain; the password is passed on stdin so it does not appear in the process list
echo "Joining the domain..."
printf '%s\n' "$PASSWORD" | realm join --user="$AD_USER" "$DOMAIN"

# Enable login with AD credentials. auth-client-config is not shipped on current Ubuntu
# releases; there, realm join already configures nsswitch.conf and PAM for sssd.
echo "Enabling login with AD credentials..."
if command -v auth-client-config >/dev/null 2>&1; then
  auth-client-config -e -p nsswithsssd
fi

# Restarting services
echo "Restarting services..."
systemctl restart sssd

echo "Server has been joined to the domain: $DOMAIN"

This script is quite generic and may need customization based on your specific setup, including the necessary packages and configuration files for the Linux distribution and AD environment in use. It’s vital to thoroughly test the script in a non-production environment to understand its effects and ensure it meets your requirements.
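One thing worth scripting as part of that testing is a post-join check: did the join actually complete for the expected domain, and is the host accepting every domain account or only the users and groups it has been told to permit? The helpers below are an added example, not part of the original script, and they parse the output of `realm list` (assumed to be the usual indented "key: value" layout). The sample output embedded in the block is constructed so the check can be exercised offline; on a real host the argument would be `"$(realm list)"`.

```bash
#!/bin/bash
# Added example (not from the page): post-join verification helpers that read the
# output of `realm list` and check that the host is joined to the expected domain
# and that logins are restricted rather than open to every domain account.
# Assumes realm prints one "key: value" per line, indented under the realm name.

# Constructed sample of `realm list` output for offline use; on a real host pass
# "$(realm list)" instead.
SAMPLE_REALM_LIST='example.com
  type: kerberos
  realm-name: EXAMPLE.COM
  domain-name: example.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  login-formats: %U@example.com
  login-policy: allow-realm-logins'

# realm_field OUTPUT KEY -> prints the first value of KEY found in OUTPUT
realm_field() {
  printf '%s\n' "$1" | awk -v key="$2" '
    {
      line = $0
      sub(/^[ \t]+/, "", line)
      n = index(line, ": ")
      if (n == 0) next
      if (substr(line, 1, n - 1) == key) { print substr(line, n + 2); exit }
    }'
}

# check_joined OUTPUT DOMAIN -> 0 if OUTPUT shows a completed join to DOMAIN
check_joined() {
  [ "$(realm_field "$1" domain-name)" = "$2" ] &&
  [ "$(realm_field "$1" configured)" = "kerberos-member" ]
}

# check_login_policy OUTPUT -> 0 when only explicitly permitted users/groups may log in
# (allow-permitted-logins), 1 when every realm account is accepted (allow-realm-logins)
check_login_policy() {
  [ "$(realm_field "$1" login-policy)" = "allow-permitted-logins" ]
}

# verify_realm OUTPUT DOMAIN -> prints findings, returns the number of failed checks
verify_realm() {
  local failures=0
  if check_joined "$1" "$2"; then
    echo "OK   joined to $2 (client: $(realm_field "$1" client-software))"
  else
    echo "FAIL not joined to $2 (configured: $(realm_field "$1" configured))"
    failures=$((failures + 1))
  fi
  if check_login_policy "$1"; then
    echo "OK   login-policy restricts logins to permitted users/groups"
  else
    echo "WARN login-policy is $(realm_field "$1" login-policy): every domain account may log in"
    failures=$((failures + 1))
  fi
  return "$failures"
}

verify_realm "$SAMPLE_REALM_LIST" example.com || echo "$? check(s) need attention"
```

With the sample above the join check passes but the login-policy check warns, because allow-realm-logins means any account in the domain can log in to the server; tightening that is done with realm's own permit settings, and the check gives a quick way to confirm the result after a join.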

Always be cautious with passwords in scripts. If possible, you might want to avoid including them directly in the script, and instead use a more secure method of handling credentials. Consider utilizing a privileged account management solution, or prompt for the password at runtime instead of embedding it in the script.