Applies to: Centrify DirectControl 5.0.x
Question:
How can a cloned VM be safely joined to the domain without disjoining the source (production) machine?
The goal is to leave the computer object for the production system untouched and register the cloned VM as a new system in the domain.
Answer:
- Log in to the cloned VM as the root user. Then do the following to join the cloned VM to the domain without running adleave on the production machine.
- Make sure the hostname and IP address have been changed on the cloned VM.
- Back up the files in /var/centrifydc.
#mv /var/centrifydc/*.* /tmp/
- Back up the krb*.* files in /etc.
#mv /etc/krb*.* /tmp/
- Disconnect the machine from the network
- Then run the 'adleave' command with the -f option.
#adleave -f
NOTE: The -f option performs the adleave only on the local machine. This forces the local computer's settings back to their pre-join conditions. It does not change anything in Active Directory.
- Run adinfo to confirm the machine is no longer joined to the domain.
#adinfo
- Back up the folder /var/centrifydc/previous, if it exists.
#mv /var/centrifydc/previous /tmp/
- Remove or rename the file /etc/krb5.keytab
- Connect the machine back to the network.
- Run the 'adinfo' command. It should display 'Not joined to any domain'.
- Join the machine to the domain. Run the command 'adjoin' with the appropriate options.
#adjoin -u <ADusername> --zone <zoneToConnectTheMachine> -c <container> <domainname> -V
- When the join is successful, run adinfo and verify that the machine is joined with the correct identity.
- From Active Directory Users and Computers, verify that the cloned VM shows up.
- From the Centrify DirectControl Console, verify that the cloned VM shows up as joined in the proper zone.
- Make sure the user profile / login role are set up for the users on the new machine. Then verify login for the users.
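
The state this procedure expects just before adjoin can be checked in one pass. The following is an added shell example, not part of the original article or of Centrify's tooling; the function name, the ROOT parameter and the host name prod01.example.com are assumptions made for illustration.

```sh
#!/bin/sh
# Pre-join checks for a cloned VM, following the steps above.
# Added example; names and the sample host are assumptions.

# check_clone_ready SOURCE_HOST CURRENT_HOST ROOT ADINFO_OUTPUT
# ROOT is the filesystem root to inspect ("" for the live system), so the
# checks can also be run against a constructed directory tree.
# Prints one line per failed check and returns the number of failures.
check_clone_ready() {
    src_host=$1; cur_host=$2; root=$3; adinfo_out=$4
    fails=0

    # The hostname must differ from the production machine. Short names are
    # compared case-insensitively so "PROD01" and "prod01.example.com" match.
    src_short=$(printf '%s' "${src_host%%.*}" | tr '[:upper:]' '[:lower:]')
    cur_short=$(printf '%s' "${cur_host%%.*}" | tr '[:upper:]' '[:lower:]')
    if [ "$src_short" = "$cur_short" ]; then
        echo "FAIL: hostname still matches source ($src_host)"
        fails=$((fails + 1))
    fi

    # A keytab copied from the source carries that machine's Kerberos keys.
    if [ -e "$root/etc/krb5.keytab" ]; then
        echo "FAIL: $root/etc/krb5.keytab still present"
        fails=$((fails + 1))
    fi

    # The procedure moves this folder away if it exists.
    if [ -e "$root/var/centrifydc/previous" ]; then
        echo "FAIL: $root/var/centrifydc/previous still present"
        fails=$((fails + 1))
    fi

    # adinfo must report the unjoined state quoted in the procedure.
    case $adinfo_out in
        *"Not joined to any domain"*) ;;
        *) echo "FAIL: adinfo does not report 'Not joined to any domain'"
           fails=$((fails + 1)) ;;
    esac

    return "$fails"
}

# Live use (as root on the clone, before adjoin):
#   check_clone_ready prod01.example.com "$(hostname)" "" "$(adinfo 2>&1)"
```

A non-zero return means at least one leftover from the source machine is still in place and adjoin should not be run yet.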