Automating CentOS 7 Joining Windows Domain in bash

I previously wrote an article about CentOS 7 joining a Windows domain. I have come up with a way to automate it in a bash script. It’s time for me to use the bash muscle I built in the past. 🙂 Here is the script. Make sure to execute it as root.

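#!/bin/bash
set -e
set -u

usage() {
	echo "Usage: $0 -u <domain user> -p <password> -d <domain> -g <sudoer group>" >&2
	exit 1
}

# Note: a password passed with -p is visible in the process list and in shell history.
while getopts "u:p:d:g:" arg;
do
	case $arg in
		u) username=$OPTARG;;
		p) password=$OPTARG;;
		d) domain=$OPTARG;;
		g) sudoergroup=$OPTARG;;
		# getopts prints its own error; OPTARG is unset here, so it must not be read under set -u
		\?) usage;;
	esac
done

# All four options are required; show the usage text instead of an unbound-variable error
[ -n "${username:-}" ] && [ -n "${password:-}" ] && [ -n "${domain:-}" ] && [ -n "${sudoergroup:-}" ] || usage

# Packages needed for realmd/sssd based domain membership
yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python -y

echo "Joining $domain"
# realm join reads the password from stdin; printf passes it through unmodified
printf '%s\n' "$password" | realm join --user="$username" "$domain"

sssd_conf_path=/etc/sssd/sssd.conf

echo "Modifying $sssd_conf_path"
# Allow logins with short user names and use /home/<user> as the home directory
sed -i 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' "$sssd_conf_path"
sed -i 's|fallback_homedir = /home/%u@%d|fallback_homedir = /home/%u|g' "$sssd_conf_path"

echo "Restarting sssd"
systemctl restart sssd

echo "Granting $sudoergroup to be sudoers"
sudoergroup=${sudoergroup// /\\ } #replace space with \space
echo "%$sudoergroup@$domain ALL=(ALL) ALL" >> /etc/sudoers.d/sudoers

echo "Completed joining $domain"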

You can find this script on GitHub at https://github.com/hiriumi/bash-utilities/blob/master/join-windows-domain.sh

Make sure that -u names a domain user that has permission to join computers to the domain. Execute the script as in the following example.

./join-windows-domain.sh -u 'domainadminuser' -p 'yourpassword' -d 'homenet.iriumi.ad' -g 'domain admin'

This bash script eliminates all the manual steps needed to join a CentOS 7 machine to a Windows domain. It can be used on pretty much all Red Hat based Linux distributions.
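The last step of the script writes the -g value straight into a sudoers drop-in. The following is an added example, not part of the original script or its GitHub repository: it validates the group and domain, checks the resulting rule with visudo -cf, and installs it with mode 0440. The function names are hypothetical, and unlike the original it replaces the drop-in instead of appending to it, so re-runs do not duplicate the rule.

```bash
#!/bin/bash
# Added example; sudoers_rule and install_sudoers_rule are hypothetical names.
export LC_ALL=C   # byte-wise character ranges in the patterns below

# Print one sudoers rule for an AD group, or fail if the input could alter the rule.
sudoers_rule() {
	group=$1
	domain=$2
	# Letters, digits, space, dot, underscore and hyphen only. This rejects
	# newlines and sudoers metacharacters such as , = : ! ( ) # and backslash.
	case $group in
		''|*[!A-Za-z0-9\ ._-]*) echo "invalid group name" >&2; return 1;;
	esac
	case $domain in
		''|*[!A-Za-z0-9.-]*) echo "invalid domain name" >&2; return 1;;
	esac
	# sudoers needs spaces in names escaped as "\ ", as the original script does
	escaped=$(printf '%s' "$group" | sed 's/ /\\ /g')
	printf '%%%s@%s ALL=(ALL) ALL\n' "$escaped" "$domain"
}

# Validate the rule with visudo, then install it (run as root).
install_sudoers_rule() {
	rule=$(sudoers_rule "$1" "$2") || return 1
	dest=${3:-/etc/sudoers.d/sudoers}   # path used by the original script
	tmp=$(mktemp) || return 1
	printf '%s\n' "$rule" > "$tmp"
	# visudo -c -f checks the syntax of the temp file, not the live configuration
	if visudo -cf "$tmp" >/dev/null; then
		install -m 0440 -o root -g root "$tmp" "$dest"
		rc=$?
	else
		echo "rule rejected by visudo" >&2
		rc=1
	fi
	rm -f "$tmp"
	return "$rc"
}

# Constructed sample input taken from the usage line on this page
sudoers_rule 'domain admin' 'homenet.iriumi.ad'
```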

Author: admin

A software engineer in greater Seattle area
