Public/Join-LinuxToAD.ps1
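<#
    .SYNOPSIS
        This function joins a Linux machine to a Windows Active Directory Domain. Currently, this function
        only supports RedHat/CentOS.

        Most of this function is from:
        https://winsysblog.com/2018/01/join-linux-active-directory-powershell-core.html

    .DESCRIPTION
        Checks that the session is elevated, that the host is Linux, and that the OS string looks like
        RedHat/CentOS. It then installs nslookup (bind-utils) if missing, confirms the domain resolves in DNS,
        installs the sssd/realmd/Samba/Kerberos packages with yum, and finally runs 'realm join'.

        On every failure path the function writes an error, sets $global:FunctionResult to "1" and returns.

    .PARAMETER DomainName
        This parameter is MANDATORY.

        This parameter takes a string that represents the Active Directory Domain that you would like to join.

    .PARAMETER DomainCreds
        This parameter is MANDATORY.

        This parameter takes a pscredential object that represents a UserName and Password that can join a host
        to the Active Directory Domain. A "DOMAIN\user" UserName is reduced to "user" before it is passed to realm.

    .NOTES
        The password is converted to plaintext inside this process and written to the standard input of
        'realm join'. It is never placed on a command line. Use an account that is delegated only the
        right to join computers to the domain, rather than a Domain Admin account.

    .EXAMPLE
        # Open an elevated PowerShell Core (pwsh) session on a Linux host, import the module, and -

        [CentOS7Host] # sudo pwsh

        PS /home/testadmin> $DomainCreds = [pscredential]::new("zero\zeroadmin",$(Read-Host "Enter Password" -AsSecureString))
        PS /home/testadmin> Join-LinuxToAD -DomainName "zero.lab" -DomainCreds $DomainCreds
#>
function Join-LinuxToAD {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$True)]
        [string]$DomainName,

        [Parameter(Mandatory=$True)]
        [pscredential]$DomainCreds
    )

    # Package installation and the domain join both need root.
    if (!$(GetElevation)) {
        Write-Error "You must run the $($MyInvocation.MyCommand.Name) function with elevated permissions! Halting!"
        $global:FunctionResult = "1"
        return
    }

    if (!$IsLinux) {
        Write-Error "This host is not Linux. Halting!"
        $global:FunctionResult = "1"
        return
    }

    if (![bool]$($PSVersionTable.OS -match 'RedHat|CentOS|\.el[0-9]\.')) {
        # Fixed: the original wrote $(MyInvocation.MyCommand.Name) without the '$' on the variable, which
        # makes PowerShell try to run a command of that name instead of printing the function name.
        Write-Error "Currently, the $($MyInvocation.MyCommand.Name) function only works on RedHat/CentOS Linux Distros! Halting!"
        $global:FunctionResult = "1"
        return
    }

    # Make sure nslookup is installed. Get-Command is used instead of the external 'which' so the
    # check does not depend on another binary being present.
    if (-not (Get-Command -Name nslookup -CommandType Application -ErrorAction SilentlyContinue)) {
        $null = yum install bind-utils -y
        if ($LASTEXITCODE -ne 0) {
            Write-Error "Failed to install the following dependencies:`nbind-utils`nHalting!"
            $global:FunctionResult = "1"
            return
        }
    }

    # Ensure you can lookup AD DNS
    $null = nslookup $DomainName
    if ($LASTEXITCODE -ne 0) {
        # The message text (including its line break) is kept exactly as it appears in the source.
        Write-Error 'Could not find domain in DNS. 
Checking settings'
        $global:FunctionResult = "1"
        return
    }

    # Ensure Samba and dependencies installed
    $DependenciesToInstall = @(
        "sssd"
        "realmd"
        "oddjob"
        "oddjob-mkhomedir"
        "adcli"
        "samba-common"
        "samba-common-tools"
        "krb5-workstation"
        "openldap-clients"
        "policycoreutils-python"
    )

    # Packages are installed one at a time so that each failure can be reported by name.
    [System.Collections.ArrayList]$FailedInstalledDependencies = @()
    foreach ($Dependency in $DependenciesToInstall) {
        $null = yum install $Dependency -y
        if ($LASTEXITCODE -ne 0) {
            $null = $FailedInstalledDependencies.Add($Dependency)
        }
    }

    if ($FailedInstalledDependencies.Count -gt 0) {
        Write-Error "Failed to install the following dependencies:`n$($FailedInstalledDependencies -join "`n")`nHalting!"
        $global:FunctionResult = "1"
        return
    }

    # Join domain with realm. realm is given the bare account name, so strip a "DOMAIN\" prefix.
    $DomainUserName = $DomainCreds.UserName
    if ($DomainUserName -match "\\") {
        $DomainUserName = $($DomainUserName -split "\\")[-1]
    }

    $PTPasswd = $DomainCreds.GetNetworkCredential().Password

    # Security: pipe the password straight from PowerShell to realm's stdin. The original ran
    # `printf "$PTPasswd" | realm join ...`, which (a) put the plaintext password in the argument
    # list of an external printf process, where other local users can read it from the process
    # table, and (b) used the password as a printf FORMAT string, so '%' and '\' characters in
    # the password were interpreted and the wrong secret was sent.
    $PTPasswd | realm join $DomainName "--user=$DomainUserName"
    $RealmExitCode = $LASTEXITCODE

    # Drop the reference to the plaintext copy as soon as it has been used. .NET strings are
    # immutable, so this does not scrub memory; it only shortens how long the value is reachable.
    $PTPasswd = $null

    if ($RealmExitCode -ne 0) {
        Write-Error -Message "Could not join domain $DomainName. See error output"
        # Fixed: the original called 'exit' here, which ends the caller's whole pwsh session.
        # Report failure the same way every other branch of this function does.
        $global:FunctionResult = "1"
        return
    }

    Write-Output 'Success'
}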