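#!/bin/bash
# pbisjoin.sh - join this host to Active Directory with PBIS, create the
# per-host AD groups, grant them sudo and restrict logon to them.
# Needs write access to /etc/sudoers and the PBIS tools under /opt/pbis/bin.
#
#please set the following vars:
OUPATH=
#example: OU=Unix,OU=Computers,DC=Contoso,DC=com
FQDN=
#example: ad.contoso.com
ADUSER=
#example: za0284
DNPATH=
#example: OU=Unix,OU=Groups,DC=Contoso,DC=com
DOMAIN=${DOMAIN:-}
#example: CONTOSO  (constructed sample; the short domain name used as the
#         DOMAIN\group prefix below. It used to be read without ever being
#         set, so RequireMembershipOf received "\srv_<host>_auth" and
#         UserDomainPrefix received an empty string.)
########
#Do not edit
set -u

# Print an error on stderr and stop.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Run a post-join step; record a failure instead of aborting, so that one
# failed setting does not leave the remaining ones unapplied.
failures=0
try() {
  if ! "$@"; then
    printf 'WARNING: command failed: %s\n' "$*" >&2
    failures=$((failures + 1))
  fi
}

if [[ -z $OUPATH || -z $FQDN || -z $ADUSER || -z $DNPATH || -z $DOMAIN ]]; then
  echo 'ERROR: Please define variables' >&2
  exit 1
fi

HOSTNAME=$(hostname) || die 'could not determine the hostname'
# The hostname is written into /etc/sudoers and into AD group names, so
# refuse anything that is not a plain host label before using it there.
[[ $HOSTNAME =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] \
  || die "unexpected characters in hostname: $HOSTNAME"

# The '#PBIS Groups' marker in /etc/sudoers doubles as the "already joined" flag.
if grep -q '#PBIS Groups' /etc/sudoers; then
  echo 'This host is already joined. Exiting.'
  exit 0
fi

sudoers_rules=$(
  cat <<EOF
#PBIS Groups
%srv_${HOSTNAME}_sudo ALL=(ALL) ALL
%ux_unix_admin ALL=(ALL) ALL
EOF
)

# Validate the edit on a private copy first: a syntax error in the live
# /etc/sudoers disables sudo for everyone on the host.
command -v visudo >/dev/null \
  || die 'visudo not found; cannot validate the sudoers change'
candidate=$(mktemp) || die 'mktemp failed'
trap 'rm -f -- "$candidate"' EXIT
cat /etc/sudoers >"$candidate" || die 'cannot read /etc/sudoers'
printf '%s\n' "$sudoers_rules" >>"$candidate"
visudo -c -f "$candidate" >/dev/null \
  || die 'sudoers would not parse with the PBIS rules added; nothing was changed'

# Join before touching sudoers: if the join fails the marker is not written,
# so the script can simply be run again.
/opt/pbis/bin/domainjoin-cli --notimesync --ou "$OUPATH" join "$FQDN" "$ADUSER" \
  || die 'domainjoin-cli failed; /etc/sudoers was not modified'
printf '%s\n' "$sudoers_rules" >>/etc/sudoers \
  || die 'joined the domain but could not append to /etc/sudoers'
echo "Domain joined"

before=$failures
for suffix in AUTH SUDO; do
  group="SRV_${HOSTNAME}_${suffix}"
  try /opt/pbis/bin/adtool -a new-group --dn "$DNPATH" \
    --pre-win-2000-name="$group" --name="$group"
done
if ((failures == before)); then
  echo "AD Group added"
fi

try /opt/pbis/bin/config AssumeDefaultDomain true
try /opt/pbis/bin/config UserNotAllowedError "You are not authorized to log on to this system. Contact your system administrator for more information."
# Logon is limited to members of these two groups.
try /opt/pbis/bin/config RequireMembershipOf "${DOMAIN}\\srv_${HOSTNAME}_auth" "${DOMAIN}\\ux_unix_admin"
try /opt/pbis/bin/config UserDomainPrefix "$DOMAIN"
try /opt/pbis/bin/config LoginShellTemplate "/bin/bash"
try /opt/pbis/bin/config HomeDirPrefix "/home"

if ((failures > 0)); then
  die "$failures step(s) failed after the join; review the warnings above before rebooting"
fi
echo "PBIS Configuered. Please reboot"
#######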