Not sure if my title is confusing, but I'm just wondering: is there a way to point the realm join command to a specific Active Directory server (one of those listed in the SRV records) that is a member of, for example, the mycompany.local domain?
Here's my join command:
realm join --user='MyAdminUser' --password='p@ssw0rd' --computer-ou='OU=Linux,OU=Servers,OU=MyCompany' --os-name='Linux' --os-version='CentOS 7' mycompany.local
List of my Active Directory servers under mycompany.local:
nslookup -type=SRV _ldap._tcp.mycompany.local
;; Truncated, retrying in TCP mode.
Server: 10.17.145.13
Address: 10.18.145.13#53
_ldap._tcp.mycompany.local service = 0 100 389 dc01.mycompany.local.
_ldap._tcp.mycompany.local service = 0 100 389 dc02.mycompany.local.
_ldap._tcp.mycompany.local service = 0 100 389 dc03.mycompany.local.
_ldap._tcp.mycompany.local service = 0 100 389 dc04.mycompany.local.
_ldap._tcp.mycompany.local service = 0 100 389 dc05.mycompany.local.
_ldap._tcp.mycompany.local service = 0 100 389 dc06.mycompany.local.
_ldap._tcp.mycompany.local service = 0 100 389 dc07.mycompany.local.
Say I want "realm join" to specifically use "dc07.mycompany.local." Maybe with an option like:
--active-directory-server='dc07.mycompany.local.'
Why do I need this? Because we have many subnets, and some servers we deploy belong to a subnet that by default does not have access to, say, "dc01.mycompany.local." Since the "realm join" command by default just picks randomly from all the AD servers under "mycompany.local", the command will fail; what we do then is run the command again until it picks the right AD server, which is "dc07.mycompany.local."
You could say: just allow the machine to reach all the AD servers so you won't have a problem. Yeah, actually that's our workaround instead of running the realm join command multiple times. But it would be great if we could specify the AD server directly on the command line, so we don't have to create a Service Request to the network guys to allow our machine to reach the other AD servers in mycompany.local and wait for them.
Thanks in advance guys!
On CentOS 7,
man realm
does not indicate that you can choose your domain controller. Similar to my experience, you probably need to revert to a command with such an option:
net ads join --server
adcli --domain-controller
Solved my problem. I just explicitly declared the name of the domain controller in place of the local domain name.
With this, realm will use adcli instead of the net utility.
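As an added example (not from the question or either answer), the script below turns the SRV list from the question into a pre-join check: it parses the nslookup output, probes each listed DC on tcp/389 from the host being joined, and hands the first reachable DC's hostname to realm join in place of the domain name, as the answer describes. The SRV sample is constructed from the question, --membership-software=adcli makes the adcli path explicit, and --password is deliberately omitted so realm prompts for it instead of leaving the credential in shell history.

```bash
#!/bin/bash
# Added example, not code from the original question or answers.
# Selects a reachable domain controller before running "realm join".

# Extract the SRV targets (last field, trailing dot stripped) from
# "nslookup -type=SRV _ldap._tcp.<domain>" output read on stdin.
srv_targets() {
    awk '/service =/ { sub(/\.$/, "", $NF); print $NF }'
}

# Probe a DC on the LDAP port (tcp/389 unless given) with a 3 s timeout.
# Hostname and port are passed as arguments, not interpolated into the
# command string, so a hostile DNS answer cannot inject shell syntax.
dc_reachable() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "${2:-389}" 2>/dev/null
}

# Read hostnames on stdin and print the first one for which "$1 host"
# succeeds; return 1 when none of them answers.
pick_dc() {
    check=$1
    while read -r dc; do
        if "$check" "$dc"; then printf '%s\n' "$dc"; return 0; fi
    done
    return 1
}

# Constructed sample of the SRV output shown in the question.
SAMPLE_SRV='_ldap._tcp.mycompany.local service = 0 100 389 dc01.mycompany.local.
_ldap._tcp.mycompany.local service = 0 100 389 dc07.mycompany.local.'

# Usage: nslookup -type=SRV _ldap._tcp.mycompany.local | join_via_reachable_dc MyAdminUser
# Reads SRV output on stdin; the OU and user are assumptions taken from the question.
join_via_reachable_dc() {
    dc=$(srv_targets | pick_dc dc_reachable) || {
        echo "no domain controller reachable on tcp/389 from this subnet" >&2
        return 1
    }
    echo "joining via $dc" >&2
    realm join --membership-software=adcli --user="$1" \
        --computer-ou='OU=Linux,OU=Servers,OU=MyCompany' \
        --os-name='Linux' --os-version='CentOS 7' "$dc"
}
```

The join is only attempted when a DC answered the probe, so the random-pick retries described in the question are replaced by a single, logged attempt.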