This page shows you how to join a Linux VM, running supported Linux distributions, to a domain in Managed Service for Microsoft Active Directory using the System Security Services Daemon (SSSD).
Managed Microsoft AD interoperability works for many Linux distributions and other connectivity tools. Learn about these open source connectivity tools.
Before you begin
Create a Linux VM. When you create the VM, make sure that you complete the following tasks:
- On the Public images tab, select the appropriate distribution. For example, Ubuntu 16.04 LTS or Red Hat Enterprise Linux 8.
- Select a Linux version that Managed Microsoft AD supports.
- Create the VM in the project that hosts your Managed Microsoft AD domain. If your Managed Microsoft AD domain has a Shared VPC as an authorized network, you can also create the VM in any of the Shared VPC service projects.
- Create the VM on a VPC network that you have peered with the Managed Microsoft AD domain.
Install realmd on the VM. Learn about realm. See Ubuntu and Red Hat documentation for instructions.
The following are some sample commands:
Ubuntu 16.04 LTS
apt-get update
apt-get install realmd sssd packagekit
RHEL 8.2 (Ootpa)
sudo yum install realmd oddjob oddjob-mkhomedir sssd adcli
Join a Linux VM to a domain
To join a Linux VM to a domain, you need the following information:
- The domain name of your Managed Microsoft AD domain. For example, mydomain.example.com.
- The username and password of an account that has permissions to join a VM to the domain. By default, members of the Cloud Service Domain Join Accounts group have these permissions. For more information about the default groups that Managed Microsoft AD creates, see Groups.
- The username must be in the following format: USERNAME@DOMAIN_NAME. The domain name part of the username must be in uppercase. For example, [email protected].
You can join the Linux VM to the Managed Microsoft AD domain using the realm join command. The following is a sample command:
realm join DOMAIN_NAME -U 'USERNAME@DOMAIN_NAME'
For verbose output, add the -v flag at the end of the command.
Specify account location with realm join
By default, the realm join command creates a machine account that is located at:
CN=ACCOUNT_NAME,OU=Computers,OU=Cloud,DC=MACHINE,DC=MID_LEVEL,DC=EXTENSION
To specify where to create the account, use the --computer-ou flag to provide the path for the realm join command. The following example shows how to specify the path:
--computer-ou="OU=CUSTOM_OU,DC=MACHINE,DC=MID_LEVEL,DC=EXTENSION"
The user must have the permissions that are required to create accounts in the specified OU.
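The following script is an added example, not part of the original documentation. It assembles the realm join command described above without running it, uppercases the domain part of the username, and derives the DC components of the --computer-ou path from the domain's DNS labels. The function names, the account name joiner and the OU name Servers are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: builds (does not execute) the realm join command from this page.
# Function names and sample values are hypothetical.

# Convert a DNS domain name to its DC path:
# mydomain.example.com -> DC=mydomain,DC=example,DC=com
domain_to_dn() {
  printf '%s\n' "$1" | sed -e 's/\./,DC=/g' -e 's/^/DC=/'
}

# Print USERNAME@DOMAIN_NAME with the domain part in uppercase.
# Fails unless the input has exactly one non-empty user part and one domain part.
normalize_principal() {
  case "$1" in
    *@*@*|@*|*@) return 1 ;;
    *@*) ;;
    *) return 1 ;;
  esac
  local user="${1%@*}" realm="${1#*@}"
  printf '%s@%s\n' "$user" "$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')"
}

# Print the join command for review.
# $1 = domain name, $2 = joining account, $3 = optional OU directly under the domain root.
build_join_cmd() {
  local domain="$1" ou="${3:-}" principal
  principal="$(normalize_principal "$2")" || {
    echo "username must look like USERNAME@DOMAIN_NAME: $2" >&2
    return 1
  }
  if [ -n "$ou" ]; then
    printf "realm join %s -U '%s' --computer-ou=\"OU=%s,%s\" -v\n" \
      "$domain" "$principal" "$ou" "$(domain_to_dn "$domain")"
  else
    # No OU given: realm join uses the default location shown above.
    printf "realm join %s -U '%s' -v\n" "$domain" "$principal"
  fi
}

# Constructed sample values; the command is only printed so it can be checked first.
build_join_cmd mydomain.example.com 'joiner@mydomain.example.com' Servers
```
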
Remove a Linux VM from a domain
To remove a Linux VM from a domain, you need the domain name of your Managed Microsoft AD domain and the username of your user account.
You can remove a Linux VM from the Managed Microsoft AD domain using the realm leave command. The following is a sample command:
realm leave DOMAIN_NAME -U 'USERNAME@DOMAIN_NAME'
What's next
- Connect to a Managed Microsoft AD domain.
- Learn about the delegated administrator account.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-09-10 UTC.