Run it as a script:
bash <(curl -sL https://gist.githubusercontent.com/Misaka-12450/a057acf14de4c5143ca1abcd58564076/raw/afc80f119dcff57ec054195581f51f7ab2bb20d0/join-active-directory.sh)
1. Add PTR records to your AD DNS servers.
# List reverse zones
Get-DnsServerZone -ZoneType ReverseLookup
# If zone does not exist, add one
Add-DnsServerPrimaryZone -NetworkId "192.168.89.0/24" -ReplicationScope "Domain"
# Add a PTR record for each of your domain controllers (DCs)
Add-DnsServerResourceRecordPtr -Name "64" -ZoneName "89.168.192.in-addr.arpa" `
-PtrDomainName "ADDC.ad.misaka-12450.com"
2. Make sure the DNS resolver on the Debian client points to the AD DC, and that the domain name resolves.
nslookup ad.misaka-12450.com
3. Install packages on the client.
apt install adcli packagekit samba-common-bin realmd
4. Test that the client can discover the domain and reach the DC.
realm -v discover ad.misaka-12450.com
5. Join the domain.
realm -v join ad.misaka-12450.com -U misaka-12450
6. Enable automatic DNS updates by editing /etc/sssd/sssd.conf. Keep comments on their own lines; sssd reads a value up to the end of the line, so trailing "# ..." text would become part of the value.
[domain/ad.misaka-12450.com]
# Add the following lines under your domain section
dyndns_update = true
dyndns_update_ptr = true
# Change eth0 to the client's actual network interface
dyndns_iface = eth0
7. Edit the sudoers file.
sudo visudo
8. Add this line to the end of the file.
%domain\ [email protected] ALL=(ALL) NOPASSWD: ALL
9. Check that the sudoers file parses correctly.
sudo visudo -c
10. Automatically create home directories for AD users.
pam-auth-update --enable mkhomedir
11. Check that your AD user has sudo permission by switching to the user and running sudo.
su [email protected]
sudo whoami
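As an added example (not the author's script or the gist above), the POSIX shell helpers below derive the in-addr.arpa zone and PTR record name that step 1 passes to Add-DnsServerResourceRecordPtr, and check that an sssd.conf domain section carries the step 6 settings; the sample sssd.conf is constructed for the self-check, and the function names are my own.

```shell
#!/bin/sh
# Added helpers for steps 1 and 6 above (not part of the original post).
# rev_octets <ipv4> <prefixlen> prints "<in-addr.arpa zone> <PTR record name>"
# for a /8, /16 or /24 network, the two values Add-DnsServerResourceRecordPtr
# needs: 192.168.89.64/24 -> "89.168.192.in-addr.arpa 64".
rev_octets() {
  plen=$2
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  case $plen in
    8)  echo "$1.in-addr.arpa $4.$3.$2" ;;
    16) echo "$2.$1.in-addr.arpa $4.$3" ;;
    24) echo "$3.$2.$1.in-addr.arpa $4" ;;
    *)  return 1 ;;  # other lengths need RFC 2317 classless delegation
  esac
}
ptr_zone() { out=$(rev_octets "$1" "$2") || return 1; echo "${out%% *}"; }
ptr_name() { out=$(rev_octets "$1" "$2") || return 1; echo "${out#* }"; }

# sssd_dyndns_ok <file> <realm>: succeed only if the [domain/<realm>] section
# sets dyndns_update and dyndns_update_ptr to exactly "true". sssd does not
# treat "#" after a value as a comment start, so "true # note" is rejected.
sssd_dyndns_ok() {
  awk -F'[[:space:]]*=[[:space:]]*' -v sect="[domain/$2]" '
    { sub(/[[:space:]]+$/, "") }
    /^\[/ { in_sect = ($0 == sect); next }
    !in_sect || /^[[:space:]]*[#;]/ { next }
    $1 == "dyndns_update"     && $2 == "true" { u = 1 }
    $1 == "dyndns_update_ptr" && $2 == "true" { p = 1 }
    END { exit !(u && p) }' "$1"
}

# Constructed sample sssd.conf (not a real client's file) for a self-check.
SAMPLE_CONF=$(mktemp)
cat >"$SAMPLE_CONF" <<'EOF'
[sssd]
domains = ad.misaka-12450.com
[domain/ad.misaka-12450.com]
dyndns_update = true
dyndns_update_ptr = true
dyndns_iface = eth0
EOF
echo "zone=$(ptr_zone 192.168.89.64 24) name=$(ptr_name 192.168.89.64 24)"
sssd_dyndns_ok "$SAMPLE_CONF" ad.misaka-12450.com && echo "dyndns settings present"
```

Run it against the real /etc/sssd/sssd.conf after step 6 to confirm the dynamic DNS keys were placed in the right section.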