[AzureADDS] Updates to CoreOS domain-join

Author: iainfoulds

articles/active-directory-domain-services/join-centos-linux-vm.md

@@ -80,7 +80,7 @@ sudo yum install realmd sssd krb5-workstation krb5-libs oddjob oddjob-mkhomedir
 
 ## Join VM to the managed domain
 
-Now that the required packages are installed on the VM and NTP is configured, join the VM to the Azure AD DS managed domain.
+Now that the required packages are installed on the VM, join the VM to the Azure AD DS managed domain.
 
 1. Use the `realm discover` command to discover the Azure AD DS managed domain. The following example discovers the realm *CONTOSO.COM*. Specify your own Azure AD DS managed domain name in ALL UPPERCASE:
 

articles/active-directory-domain-services/join-coreos-linux-vm.md

@@ -1,75 +1,91 @@
 ---
-title: 'Azure Active Directory Domain Services: Join a CoreOS Linux VM | Microsoft Docs'
-description: Join a CoreOS Linux virtual machine to Azure AD Domain Services
+title: Join a CoreOS VM to Azure AD Domain Services | Microsoft Docs'
+description: Learn how to configure and join a CoreOS virtual machine to an Azure AD Domain Services managed domain.
 services: active-directory-ds
-documentationcenter: ''
 author: iainfoulds
 manager: daveba
-editor: curtand
 
 ms.assetid: 5db65f30-bf69-4ea3-9ea5-add1db83fdb8
 ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
-ms.tgt_pltfrm: na
-ms.devlang: na
 ms.topic: conceptual
-ms.date: 05/20/2019
+ms.date: 09/14/2019
 ms.author: iainfou
 
 ---
-# Join a CoreOS Linux virtual machine to a managed domain
-This article shows you how to join a CoreOS Linux virtual machine in Azure to an Azure AD Domain Services managed domain.
+# Join a CoreOS virtual machine to an Azure AD Domain Services managed domain
 
-[!INCLUDE [active-directory-ds-prerequisites.md](../../includes/active-directory-ds-prerequisites.md)]
+To let users sign in to virtual machines (VMs) in Azure using a single set of credentials, you can join VMs to an Azure Active Directory Domain Services (AD DS) managed domain. When you join a VM to an Azure AD DS managed domain, user accounts and credentials from the domain can be used to sign in and manage servers. Group memberships from the Azure AD DS managed domain are also applied to let you control access to files or services on the VM.
 
-## Before you begin
-To perform the tasks listed in this article, you need:
-1. A valid **Azure subscription**.
-2. An **Azure AD directory** - either synchronized with an on-premises directory or a cloud-only directory.
-3. **Azure AD Domain Services** must be enabled for the Azure AD directory. If you haven't done so, follow all the tasks outlined in the [Getting Started guide](tutorial-create-instance.md).
-4. Ensure that you have configured the IP addresses of the managed domain as the DNS servers for the virtual network. For more information, see [how to update DNS settings for the Azure virtual network](tutorial-create-instance.md#update-dns-settings-for-the-azure-virtual-network)
-5. Complete the steps required to [synchronize passwords to your Azure AD Domain Services managed domain](tutorial-create-instance.md#enable-user-accounts-for-azure-ad-ds).
+This article shows you how to join a CoreOS VM to an Azure AD DS managed domain.
 
+## Prerequisites
+
+To complete this tutorial, you need the following resources and privileges:
+
+* An active Azure subscription.
+    * If you don’t have an Azure subscription, [create an account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+* An Azure Active Directory tenant associated with your subscription, either synchronized with an on-premises directory or a cloud-only directory.
+    * If needed, [create an Azure Active Directory tenant][create-azure-ad-tenant] or [associate an Azure subscription with your account][associate-azure-ad-tenant].
+* An Azure Active Directory Domain Services managed domain enabled and configured in your Azure AD tenant.
+    * If needed, the first tutorial [creates and configures an Azure Active Directory Domain Services instance][create-azure-ad-ds-instance].
+* A user account that's a member of the *Azure AD DC administrators* group in your Azure AD tenant.
+
+## Create and connect to a CoreOS Linux VM
+
+If you have an existing CoreOS Linux VM in Azure, connect to it using SSH, then continue on to the next step to [start configuring the VM](#configure-the-hosts-file).
+
+If you need to create a CoreOS Linux VM, or want to create a test VM for use with this article, you can use one of the following methods:
 
-## Provision a CoreOS Linux virtual machine
-Provision a CoreOS virtual machine in Azure, using any of the following methods:
 * [Azure portal](../virtual-machines/linux/quick-create-portal.md)
 * [Azure CLI](../virtual-machines/linux/quick-create-cli.md)
 * [Azure PowerShell](../virtual-machines/linux/quick-create-powershell.md)
 
-This article uses the **CoreOS Linux (Stable)** virtual machine image in Azure.
-
-> [!IMPORTANT]
-> * Deploy the virtual machine into the **same virtual network in which you have enabled Azure AD Domain Services**.
-> * Pick a **different subnet** than the one in which you have enabled Azure AD Domain Services.
->
+When you create the VM, pay attention to the virtual network settings to make sure that the VM can communicate with the Azure AD DS managed domain:
 
+* Deploy the VM into the same, or a peered, virtual network in which you have enabled Azure AD Domain Services.
+* Deploy the VM into a different subnet than your Azure AD Domain Services instance.
 
-## Connect remotely to the newly provisioned Linux virtual machine
-The CoreOS virtual machine has been provisioned in Azure. The next task is to connect remotely to the virtual machine using the local administrator account created while provisioning the VM.
+Once the VM is deployed, follow the steps to connect to the VM using SSH.
 
-Follow the instructions in the article [How to sign in to a virtual machine running Linux](../virtual-machines/linux/mac-create-ssh-keys.md?toc=%2fazure%2fvirtual-machines%2flinux%2ftoc.json).
+## Configure the hosts file
 
-
-## Configure the hosts file on the Linux virtual machine
-In your SSH terminal, edit the /etc/hosts file and update your machine’s IP address and hostname.
+To make sure that the VM host name is correctly configured for the managed domain, edit the */etc/hosts* file and set the hostname:
 
 ```console
 sudo vi /etc/hosts
 ```
 
-In the hosts file, enter the following value:
+In the *hosts* file, update the *localhost* address. In the following example:
+
+* *contoso.com* is the DNS domain name of your Azure AD DS managed domain.
+* *coreos* is the hostname of your CoreOS VM that you're joining to the managed domain.
+
+Update these names with your own values:
 
 ```console
-127.0.0.1 contoso-coreos.contoso.com contoso-coreos
+127.0.0.1 coreos coreos.contoso.com
 ```
 
-Here, 'contoso.com' is the DNS domain name of your managed domain. 'contoso-coreos' is the hostname of the CoreOS virtual machine you are joining to the managed domain.
+When done, save and exit the *hosts* file using the `:wq` command of the editor.
+
+## Configure the SSSD service
+
+Update the */etc/sssd/sssd.conf* SSSD configuration.
+
+```console
+sudo vi /etc/sssd/sssd.conf
+```
 
+Specify your own Azure AD DS managed domain name for the following parameters:
 
-## Configure the SSSD service on the Linux virtual machine
-Next, update your SSSD configuration file in ('/etc/sssd/sssd.conf') to match the following sample:
+* *domains* in ALL UPPER CASE
+* *[domain/CONTOSO]* where CONTOSO is in ALL UPPER CASE
+* *ldap_uri*
+* *ldap_search_base*
+* *krb5_server*
+* *krb5_realm* in ALL UPPER CASE
 
 ```console
 [sssd]
@@ -98,57 +114,61 @@ krb5_server = contoso.com
 krb5_realm = CONTOSO.COM
 ```
 
-Replace 'CONTOSO.COM' with the DNS domain name of your managed domain. Make sure you specify the domain name in capital case in the conf file.
+## Join the Linux virtual machine to the managed domain
 
+With the SSSD configuration file updated, now join the virtual machine to the managed domain.
 
-## Join the Linux virtual machine to the managed domain
-Now that the required packages are installed on the Linux virtual machine, the next task is to join the virtual machine to the managed domain.
+1. First, use the `adcli info` command to verify you can see information about the Azure AD DS managed domain. The following example gets information for the domain *CONTOSO.COM*. Specify your own Azure AD DS managed domain name in ALL UPPERCASE:
 
-```console
-sudo adcli join -D CONTOSO.COM -U bob@CONTOSO.COM -K /etc/krb5.keytab -H contoso-coreos.contoso.com -N coreos
-```
+    ```console
+    sudo adcli info CONTOSO.COM
+    ```
 
+   If the `adcli info` command can't find your Azure AD DS managed domain, review the following troubleshooting steps:
 
-> [!NOTE]
-> **Troubleshooting:**
-> If *adcli* is unable to find your managed domain:
->   * Ensure that the domain is reachable from the virtual machine (try ping).
->   * Check that the virtual machine has indeed been deployed to the same virtual network in which the managed domain is available.
->   * Check to see if you have updated the DNS server settings for the virtual network to point to the domain controllers of the managed domain.
+    * Make sure that the domain is reachable from the VM. Try `ping contoso.com` to see if a positive reply is returned.
+    * Check that the VM is deployed to the same, or a peered, virtual network in which the Azure AD DS managed domain is available.
+    * Confirm that the DNS server settings for the virtual network have been updated to point to the domain controllers of the Azure AD DS managed domain.
 
-Start the SSSD service. In your SSH terminal, type the following command:
-  
-```console
-sudo systemctl start sssd.service
-```
+1. Now join the VM to the Azure AD DS managed domain using the `adcli join` command. Specify a user that belongs to the *AAD DC Administrators* group. If needed, [add a user account to a group in Azure AD](../active-directory/fundamentals/active-directory-groups-members-azure-portal.md).
+
+    Again, the Azure AD DS managed domain name must be entered in ALL UPPERCASE. In the following example, the account named `[email protected]` is used to initialize Kerberos. Enter your own user account that's a member of the *AAD DC Administrators* group.
 
+    ```console
+    sudo adcli join -D CONTOSO.COM -U [email protected] -K /etc/krb5.keytab -H coreos.contoso.com -N coreos
+    ```
 
-## Verify domain join
-Verify whether the machine has been successfully joined to the managed domain. Connect to the domain joined CoreOS VM using a different SSH connection. Use a domain user account and then check to see if the user account is resolved correctly.
+    The `adcli join` command doesn't return any information when the VM has successfully joined to the Azure AD DS managed domain.
 
-1. In your SSH terminal, type the following command to connect to the domain joined CoreOS virtual machine using SSH. Use a domain account that belongs to the managed domain (for example, '[email protected]' in this case.)
-    
+1. To apply the domain-join configuration, start the SSSD service:
+  
     ```console
-    ssh -l [email protected] contoso-coreos.contoso.com
+    sudo systemctl start sssd.service
     ```
 
-2. In your SSH terminal, type the following command to see if the home directory was initialized correctly.
-    
+## Sign in to the VM using a domain account
+
+To verify that the VM has been successfully joined to the Azure AD DS managed domain, start a new SSH connection using a domain user account. Confirm that a home directory has been created, and that group membership from the domain is applied.
+
+1. Create a new SSH connection from your console. Use a domain account that belongs to the managed domain using the `ssh -l` command, such as `[email protected]` and then enter the address of your VM, such as *coreos.contoso.com*. If you use the Azure Cloud Shell, use the public IP address of the VM rather than the internal DNS name.
+
     ```console
-    pwd
+    ssh -l [email protected] coreos.contoso.com
     ```
 
-3. In your SSH terminal, type the following command to see if the group memberships are being resolved correctly.
-   
+1. Now check that the group memberships are being resolved correctly:
+
     ```console
     id
     ```
 
+    You should see your group memberships from the Azure AD DS managed domain.
+
+## Next steps
 
-## Troubleshooting domain join
-Refer to the [Troubleshooting domain join](join-windows-vm.md#troubleshoot-domain-join-issues) article.
+If you have problems connecting the VM to the Azure AD DS managed domain or signing in with a domain account, see [Troubleshooting domain join issues](join-windows-vm.md#troubleshoot-domain-join-issues).
 
-## Related Content
-* [Azure AD Domain Services - Getting Started guide](tutorial-create-instance.md)
-* [Join a Windows Server virtual machine to an Azure AD Domain Services managed domain](active-directory-ds-admin-guide-join-windows-vm.md)
-* [How to sign in to a virtual machine running Linux](../virtual-machines/linux/mac-create-ssh-keys.md?toc=%2fazure%2fvirtual-machines%2flinux%2ftoc.json).
+<!-- INTERNAL LINKS -->
+[create-azure-ad-tenant]: ../active-directory/fundamentals/sign-up-organization.md
+[associate-azure-ad-tenant]: ../active-directory/fundamentals/active-directory-how-subscriptions-associated-directory.md
+[create-azure-ad-ds-instance]: tutorial-create-instance.md

articles/active-directory-domain-services/join-rhel-linux-vm.md

@@ -80,7 +80,7 @@ sudo yum install realmd sssd krb5-workstation krb5-libs oddjob oddjob-mkhomedir
 
 ## Join VM to the managed domain
 
-Now that the required packages are installed on the VM and NTP is configured, join the VM to the Azure AD DS managed domain.
+Now that the required packages are installed on the VM, join the VM to the Azure AD DS managed domain.
 
 1. Use the `realm discover` command to discover the Azure AD DS managed domain. The following example discovers the realm *CONTOSO.COM*. Specify your own Azure AD DS managed domain name in ALL UPPERCASE: