Provided by: likewise-open_22.214.171.1246-0ubuntu5_amd64
domainjoin-cli - Join a host to an Active Directory domain
domainjoin-cli [options] join [--ou organizational_unit] [--enable module...] [--disable module...] [--preview] [--advanced] [--details module] domain username [password] domainjoin-cli [options] leave [--enable module...] [--disable module...] [--preview] [--advanced] [--details module] [username [password]] domainjoin-cli [options] query domainjoin-cli [options] fixfqdn domainjoin-cli [options] setname name
domainjoin-cli is the command-line version of the Likewise AD domain join tool. In a basic invocation, domainjoin-cli will join the current machine into an AD domain, enable authentication of AD users, and enable group policy if it is available. For systems with sensitive configurations, domainjoin-cli offers fine-grained control over modifications to system configuration files that are typically required during a join, such as editing /etc/nsswitch.conf or the system PAM setup.
Commands domainjoin-cli supports the following major modes of operation: join Joins the machine to the AD domain domain and configures AD authentication and group policy (where applicable). This operation requires valid AD credentials for domain to be specified as username and password. If password is not specified on the command line, domainjoin-cli will prompt you for it. domainjoin-cli supports joining the machine to a specific OU (Organizational Unit) with --ou organizational_unit. leave Leaves the currently-joined AD domain and deconfigures AD authentication and group policy (where applicable). In order to actually disable the machine account in AD, either administrative credentials for domain or the same credentials originally used to join the machine must be specified as username and password. If password is not specified on the command line, domainjoin-cli will prompt you for it. If no credentials are specified, the machine will no longer behave as a member of domain but its machine account will remain enabled in AD. query Displays information about the currently-joined AD domain and OU. fixfqdn Makes local configuration modifications necessary to ensure that the fully-qualified domain name of the machine is forward- and backward-resolvable. This can work around domain join issues on networks with sub-optimal DNS setups. setname Changes the hostname of this machine to name. As it is necessary to have a unique, non-generic name before joining AD, this operation is provided as a convenient way to quickly rename this computer before performing a join. Common options --log filename Log details about the operation to file. If file is ".", logging is directed to the console. --loglevel <error | warning | info | verbose > Specifies the level of logging information which should be written to the log file. --help Displays brief usage and help information. No operation is performed. Join and leave options --ou organizational_unit Joins the machine to the OU organizational_unit instead of the default "Computers" OU. The OU to which a machine is joined determines which users will be able to authenticate against the machine and which group policies will be applied. This option has no effect when leaving a domain. --enable module Explicitly enables the configuration module module during the join or leave operation. --disable module Explicitly disables the configuration module module during the join or leave operation. Note that some modules are necessary for the proper operation of Likewise while joined to AD. If you attempt to disable such a module, domainjoin-cli will refuse to proceed with a join operation. For some modules, it is possible to make the relevant configuration changes by hand; domainjoin-cli will inform you of the necessary changes and will proceed with the module disabled if it detects that the changes have been made. --details module Provide details about module module and what specific configuration changes it would perform during a join or leave operation. No actual operation is performed. --preview Provide a summary of what configuration modules would be run during a join or leave operation. No actual operation is performed. --advanced Turns on debugging information during leave and join operations and provides more verbose output when using --preview. This is generally only helpful when diagnosing unusual system or network configuration issues.
Example invocations of domainjoin-cli and their effects follow: $ domainjoin-cli join sales.my-company.com Administrator@sales rosebud Joins the AD domain sales.my-company.com using Administrator as the username and rosebud as the password. This is the typical join scenario. $ domainjoin-cli --log . leave Leaves the current AD domain without attempting to disable the machine account as no user credentials were specified. Information about the process will be logged to the console at the default logging level. $ domainjoin-cli join --disable nsswitch sales.my-company.com Administrator@sales Joins the AD domain sales.my-company.com using Administrator as the username and prompting for the password. If possible, nsswitch configuration will not be modified. $ domainjoin-cli join --preview sales.my-company.com Administrator@sales rosebud Show what configuration modules would be run when joining the AD domain sales.my-company.com. $ domainjoin-cli join --details pam sales.my-company.com Administrator@sales rosebud Show what changes would be made to the system by the pam module when joining the AD domain sales.my-company.com.
This man page has not been edited in some time. 03/14/2008 DOMAINJOIN-CLI(8)