linux-ad-join
A lightweight, multi-distro automation tool for joining Linux systems to Microsoft Active Directory domains. It configures realm, SSSD, Kerberos, Oddjob, SSH access rules, home directory creation, and user/group permissions, all through a clean, unified workflow.
Supports servers and workstations, includes full logging, automatic or prompted reboots, and now features offline login through cached credentials.
Key Features
Multi-Distro Support
Works across all major Linux families:
Ubuntu / Debian
RHEL, CentOS, Rocky Linux, AlmaLinux, Fedora
openSUSE / SLE
Arch Linux / Manjaro
Fully Automated AD Join
Configures required packages (realmd, SSSD, adcli, Kerberos, Oddjob)
Seamlessly performs realm join using provided credentials
Sets correct hostname prior to domain enrollment
Managed SSSD Configuration
Automatically configures:
simple_allow_users
simple_allow_groups
fallback_homedir
default_shell
use_fully_qualified_names = False
NEW: cache_credentials = True for workstations (offline login support)
Offline Login Enhancements (NEW in v2.5)
Workstations automatically enable cached AD credentials, allowing domain users to authenticate even when the machine is disconnected from the AD DC.
SSSD Cache Purge (NEW in v2.5)
After writing a new SSSD configuration, the script now:
Stops SSSD
Clears /var/lib/sss/db/* and /var/lib/sss/mc/*
Restarts SSSD
This ensures immediate propagation of user/group access rules.
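A post-join check of the settings listed under Managed SSSD Configuration, as an added example that is not part of linux-ad-join: it reads a [domain/...] section of sssd.conf and reports missing or unexpected values. The function names, the role argument and the sample config are constructed for illustration; the file-mode and empty-allow-list checks go beyond this README and rely on SSSD's documented behaviour and its access_provider option.

```sh
#!/bin/sh
# Added example, not part of linux-ad-join. Assumes awk and a stat that accepts -c.
# sssd_get FILE KEY: print KEY's value from a [domain/...] section of FILE.
sssd_get() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_dom = ($0 ~ /^[ \t]*\[domain\//); next }
        in_dom && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
            }
        }' "$1"
}

fail() { echo "FAIL: $*"; n=$((n + 1)); }
# audit_sssd FILE ROLE (server|workstation): print findings; exit status = their
# count. The body is a subshell, so f, role, n and v stay local to one call.
audit_sssd() (
    f=$1 role=$2 n=0
    # The config can hold secrets: no permission bits for "other".
    v=$(stat -c %a "$f")
    case $v in *0) ;; *) fail "mode $v gives access to other users" ;; esac
    case $(sssd_get "$f" use_fully_qualified_names) in
        [Ff][Aa][Ll][Ss][Ee]) ;; *) fail "use_fully_qualified_names is not False" ;;
    esac
    for k in fallback_homedir default_shell; do
        [ -n "$(sssd_get "$f" "$k")" ] || fail "$k is not set"
    done
    # Offline login on workstations depends on cached credentials.
    if [ "$role" = workstation ]; then
        case $(sssd_get "$f" cache_credentials) in
            [Tt][Rr][Uu][Ee]) ;; *) fail "cache_credentials is not True" ;;
        esac
    fi
    # sssd-simple grants access to everyone when all of its lists are empty.
    if [ "$(sssd_get "$f" access_provider)" = simple ] &&
       [ -z "$(sssd_get "$f" simple_allow_users)$(sssd_get "$f" simple_allow_groups)" ]
    then fail "simple access provider with empty allow lists"; fi
    exit "$n"
)

# Constructed sample (placeholder domain and group), audited as a workstation.
sample=$(mktemp); chmod 600 "$sample"
printf '%s\n' '[sssd]' 'domains = example.com' '[domain/example.com]' \
    'access_provider = simple' 'simple_allow_groups = linuxadmins' \
    'fallback_homedir = /home/%u' 'default_shell = /bin/bash' \
    'use_fully_qualified_names = False' 'cache_credentials = True' > "$sample"
audit_sssd "$sample" workstation && echo "OK: no findings"; rm -f "$sample"
```

On a joined host, run it as root against /etc/sssd/sssd.conf with the role that matches the machine.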
Automatic Home Directory Creation
Configures mkhomedir using the appropriate tool per distribution.
SSH Configuration
Enables password authentication for AD users.
Access Control via Realm
Supports flexible user and group access rules through:
realm permit
Intelligent Reboot Handling
Servers: reboot automatically
Workstations: prompt user
Logging
All script output is written to both the console and:
linux_ad_join.log
Usage
./linux-ad-join.sh <admin_user> <admin_pass> <users_csv_or_none> <groups_csv_or_none>
Examples:
./linux-ad-join.sh example.com administrator 'P@ssw0rd' ws-123 user1,user2 linuxadmins
./linux-ad-join.sh example.com admin 'Secret!' srv-prod none none
What the Script Configures
AD realm discovery
Kerberos setup
SSSD domain configuration
User/group permission rules
SSH access
Auto-home directory creation
Hostname alignment with AD computer object
Time synchronization for Kerberos accuracy
Use Cases
Ideal for:
System administrators
DevOps engineers
IT teams deploying Linux in Windows/AD-centric environments
Automated imaging / provisioning pipelines
Provides a fast, consistent, and reliable way to integrate Linux servers and workstations into Microsoft Active Directory with minimal manual steps.
License
MIT License, safe for enterprise and open-source use.