Joining Linux host to Active Directory fails to update Microsoft DNS

linux active-directory ldap kerberos sssd
6,541

I figured out why this was happening. In my environment, I have a secondary Linux DNS server that does not allow dynamic DNS updates except from the Windows master DNS server which is also the domain controller. When the net ads join command is used, it does a DNS lookup for the name server of the domain and sometimes it returns the Linux DNS server as the first answer causing updates to fail. You can force it to use the domain controller/primary DNS server with the -S switch:

net ads join -k -S ns1.example.local createcomputer="Custom/Location".

which solves this problem. Once again I have Wireshark to thank for its help in troubleshooting my issues.

Share:
6,541

Related videos on Youtube

Python Novice
Author by

Python Novice

Updated on September 18, 2022

Comments

  • Python Novice
    Python Novice almost 2 years

    I am joining Linux hosts (CentOS 6) to Active Directory using a special bind account. I've granted delegate permissions to this user and when I join on the default Computers OU, a computer object is created and DNS is updated.

    Now, I've granted this same user delegate permissions to a different OU. However, when I try to join on a different OU using this command:

    net ads join -k createcomputer="Custom/Location"

    a computer object is created, but DNS fails to update with this error message:

    DNS Update for hostname.example.local failed: ERROR_DNS_INVALID_MESSAGE
DNS update failed!

    I'm hoping to get this working so I don't have to manually move newly-created computer objects to the right OU since I've automated the rest of the process already.

    • ErikE
      ErikE almost 9 years
      I have no idea of why this would error out, but a natural workaround is to have the automation move the computer object into the correct OU after it has been created. This is really easy.
  • Vinícius Ferrão
    Vinícius Ferrão almost 9 years
    You should configure a proper DNS infrastructure with Kerberos and BIND9 if you want to use Unix DNS Servers on an Active Directory environment.
  • Python Novice
    Python Novice almost 9 years
    care to share any documentation on setting up Linux DNS infrastructure to work with AD ?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Troubles with sssd and Active Directory Integration
How do I clear a user's cached Active Directory password on CentOS 7?
Linux SSSD with two AD Domains
How to determine the Kerberos realm from an LDAP directory?
Linux AD integration, unable to login when using Windows Server 2012 DC
SSSD Kerberos Authentication vs AD
Kerberos "Server not found in kerberos database" using SSH and -K Flag to Linux Machine joined to AD
What are the other alternative to test a LDAP connection on linux machine
How to do ldapsearch with multiple filters?
Edit Sudoers file to allow sudo rights to a AD domain group