Join Ubutnu 14.04 to an Active Directory Domain

In this post I will explain how to join your Ubuntu 14.04 server to an Active Directory domain and use AD credentials to login.

Firstly ensure you have a static IP Address and you have setup a dns-search in your /etc/network/interfaces file.

1) Elevate your privileges to install and configure.  Normally I would use sudo, but in the instance I will run as root, as all commands need elevated privileges.

sudo -s

2) Now download the Power Broker Identity Services, Open Edition package.  This is the package that will be used to bind with the domain.


3) Now install the package, firstly using chmod to add execute permissions to the file.

chmod a+x



4)  Now you will need to join your server to the domain (in this case the domain name is

sudo -s

/opt/pbis/bin/domainjoin-cli join [email protected]


5)  Now we need to add the domain prefix to user logins, assume when logging in we are a domain user, set the shell, update DNS with our IP Address, and purge the local AD cache.

sudo -s
/opt/pbis/bin/config UserDomainPrefix contoso
/opt/pbis/bin/config AssumeDefaultDomain true
/opt/pbis/bin/config LoginShellTemplate /bin/bash
/opt/pbis/bin/ad-cache --delete-all

6) There is a bug with PAM using PIBS, so we need to make a small configuration change.

sudo nano /etc/pam.d/common-session

Find the line that contains and replace it with the following:

session [success=ok default=ignore]

7) On your domain controller, add a new group called LinuxAdmins and add the relevant users.

8) Now we need to add this group to the sudoers file

sudo visudo

Add the following line into this file:

%linuxadmins ALL=(ALL:ALL) ALL

9) Now reboot again

sudo reboot

10) If you run the following command you will see you group membership


11) You should see that your user is a member of the “LinuxAdmins” group or a member of the “contoso\linuxadmins” group.  You should now be able to use sudo to elevate your privileges.  If you cannot, you can try the following:

sudo visudo

Replace the line added in step 8 with the following (with the double \\ after the domain name)

%contoso\\linuxadmins ALL=(ALL:ALL) ALL\\linuxadmins ALL=(ALL:ALL) ALL