Joining RHEL Or Any Other Linux Machine Directly To Microsoft Active Directory
Red Hat News, Friday, August 4, 2023
Managing access to systems on your network can be challenging. I've seen admins who create all users on all machines, others who share accounts using SSH keys or even passwords, and still others who use LDAP binding (sometimes using the existing Active Directory infrastructure and sometimes using a separate domain), which requires them to write LDAP queries to filter access.
All these methods make managing access to machines difficult, and they require the admins to be informed when someone has left or joined a team. Shared accounts can make logging mostly useless, as everyone will have the same username. And I'm probably not alone in having a bad experience with HR informing technical teams when there's a change to a team. However, there's a solution for all of this that works well and integrates with common enterprise setups.
Most companies I've come across have some form of ERP system that automatically creates, disables, or deletes user accounts in Microsoft Active Directory (AD), so you can take advantage of the work that others are doing. For example, SSSD can connect directly to AD.