Joining Active Directory is currently a manual operation. There is no reason why it couldn’t be done by SaltStack – that is left as an exercise for the reader!
You need to keep the time consistent across your machines for a number of reasons – not the least of which is basic sanity. AD needs consistent time because otherwise Kerberos won’t work. Standard practice is to use the DC as the time source. Fortunately NTP makes it pretty easy.
Sometimes it is handy if users are managed somewhere other than /etc/passwd – somewhere central. Sometimes this happens to be Active Directory.
This post describes an approach on Debian Jessie against AD on Windows 2016 based on this excellent RedHat Guide’s Configuration 3 – SSSD/Kerberos/LDAP. It works very well for me. If you use a Debian-based distribution (Ubuntu, Debian, etc.) then hopefully it will work for you too.
I originally published this data on the Debian Wiki; I intend to expand it somewhat here.