NAME
domainjoin-cli - Join a host to an Active Directory domain
SYNOPSIS
domainjoin-cli [options] join [--ou organizational_unit]
[--enable module...] [--disable module...]
[--preview] [--advanced] [--details module]
domain username [password]
domainjoin-cli [options] leave
[--enable module...] [--disable module...]
[--preview] [--advanced] [--details module]
[username [password]]
domainjoin-cli [options] query
domainjoin-cli [options] fixfqdn
domainjoin-cli [options] setname name
DESCRIPTION
domainjoin-cli is the command-line version of the Likewise AD domain
join tool. In a basic invocation, domainjoin-cli will join the current
machine into an AD domain, enable authentication of AD users, and
enable group policy if it is available.
For systems with sensitive configurations, domainjoin-cli offers
fine-grained control over modifications to system configuration files
that are typically required during a join, such as editing
/etc/nsswitch.conf or the system PAM setup.
USAGE
Commands
domainjoin-cli supports the following major modes of operation:
join
Joins the machine to the AD domain domain and configures AD
authentication and group policy (where applicable). This operation
requires valid AD credentials for domain to be specified as
username and password. If password is not specified on the command
line, domainjoin-cli will prompt you for it.
domainjoin-cli supports joining the machine to a specific OU
(Organizational Unit) with --ou organizational_unit.
leave
Leaves the currently-joined AD domain and deconfigures AD
authentication and group policy (where applicable).
In order to actually disable the machine account in AD, either
administrative credentials for domain or the same credentials
originally used to join the machine must be specified as username
and password. If password is not specified on the command line,
domainjoin-cli will prompt you for it.
If no credentials are specified, the machine will no longer behave
as a member of domain but its machine account will remain enabled
in AD.
query
Displays information about the currently-joined AD domain and OU.
fixfqdn
Makes local configuration modifications necessary to ensure that
the fully-qualified domain name of the machine is forward- and
backward-resolvable. This can work around domain join issues on
networks with sub-optimal DNS setups.
setname
Changes the hostname of this machine to name. As it is necessary to
have a unique, non-generic name before joining AD, this operation
is provided as a convenient way to quickly rename this computer
before performing a join.
Common options
--log filename
Log details about the operation to file. If file is ".", logging is
directed to the console.
--loglevel <error | warning | info | verbose >
Specifies the level of logging information which should be written
to the log file.
--help
Displays brief usage and help information. No operation is
performed.
Join and leave options
--ou organizational_unit
Joins the machine to the OU organizational_unit instead of the
default "Computers" OU. The OU to which a machine is joined
determines which users will be able to authenticate against the
machine and which group policies will be applied. This option has
no effect when leaving a domain.
--enable module
Explicitly enables the configuration module module during the join
or leave operation.
--disable module
Explicitly disables the configuration module module during the join
or leave operation.
Note that some modules are necessary for the proper operation of
Likewise while joined to AD. If you attempt to disable such a
module, domainjoin-cli will refuse to proceed with a join
operation.
For some modules, it is possible to make the relevant configuration
changes by hand; domainjoin-cli will inform you of the necessary
changes and will proceed with the module disabled if it detects
that the changes have been made.
--details module
Provide details about module module and what specific configuration
changes it would perform during a join or leave operation. No
actual operation is performed.
--preview
Provide a summary of what configuration modules would be run during
a join or leave operation. No actual operation is performed.
--advanced
Turns on debugging information during leave and join operations and
provides more verbose output when using --preview. This is
generally only helpful when diagnosing unusual system or network
configuration issues.
EXAMPLES
Example invocations of domainjoin-cli and their effects follow:
$ domainjoin-cli join sales.my-company.com Administrator@sales rosebud
Joins the AD domain sales.my-company.com using Administrator as the
username and rosebud as the password. This is the typical join
scenario.
$ domainjoin-cli --log . leave
Leaves the current AD domain without attempting to disable the machine
account as no user credentials were specified. Information about the
process will be logged to the console at the default logging level.
$ domainjoin-cli join --disable nsswitch sales.my-company.com Administrator@sales
Joins the AD domain sales.my-company.com using Administrator as the
username and prompting for the password. If possible, nsswitch
configuration will not be modified.
$ domainjoin-cli join --preview sales.my-company.com Administrator@sales rosebud
Show what configuration modules would be run when joining the AD domain
sales.my-company.com.
$ domainjoin-cli join --details pam sales.my-company.com Administrator@sales rosebud
Show what changes would be made to the system by the pam module when
joining the AD domain sales.my-company.com.
VERSION
This man page has not been edited in some time.
03/14/2008