Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-2941: How to safely join a Cloned VM machine to the domain without disjoining the the source (production) machine?.

Authentication Service ,  

2 June,16 at 04:31 PM

Applies to: Centrify DirectControl  5.0.x



How to safely join a Cloned VM machine to the domain without disjoining the source (production) machine?.

The goal here is not to affect the computer object for the production system but register the cloned VM as a new system to the domain.




  1. Login into the the cloned VM machine as root user. Then do the following to join the cloned VM machine to the domain without doing adleave on the production machine.
  2. Please make sure the Hostname and IP address are modified in the cloned VM machine.
  3. Backup the files in /var/centrifydc .
    #mv /var/centrifydc/*.*  /tmp/
  4. Backup the krb*.* file in /etc.
    #mv /etc/krb*.*  /tmp/
  5. Disconnect the machine from the network
  6. Then run the 'adleave' command with the -f option.
    #adleave -f
    NOTE: The -f option does the adleave only in the local machine. This forces the local computer's settings to their pre-join conditions. It will not do anything in the Active Directory.
  7. Run adinfo to confirm the machine is not joined to the domain anymore.
  8. Backup the folder /var/centrifydc/previous,if it exists. 
    #mv /var/centrifydc/previous  /tmp/
  9. Remove or rename the file  /etc/krb5.keytab
  10. Connect the machine back to the network.
  11. Run 'adinfo' command. It should display as 'Not joined to any domain'
  12. Join the machine to the domain. Run the command 'adjoin' with the appropriate options. 
    adjoin -u <ADusername> --zone <zoneToConnectTheMachine> -c <container> <domainname> -V
  13. When the join is successful, do adinfo and verify if the machine is joined with correct identity.
  14. From Active Directory users & computers, verify if the cloned VM machine shows up.
  15. From the Centrify DirectControl Console, verify if the cloned VM machine shows up as joined in the proper zone.
  16. Please make sure the user profile / login role are set up for the users in the new machine. Then verify login for the users