azureADJoin.sh

#!/bin/sh
# From https://docs.microsoft.com/en-us/azure/active-directory-domain-services/join-ubuntu-linux-vm#configure-the-hosts-file


# Run Updates (not included in docs)

sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get install curl wget 



sudo pico /etc/hosts
	<custom ip addr> ubuntu.aaddscontoso.com ubuntu

# Install dependancies
sudo apt-get update
sudo apt-get install krb5-user samba sssd sssd-tools libnss-sss libpam-sss ntp ntpdate realmd adcli

# Configure network time
sudo pico /etc/ntp.conf
	server <dns domain name>
sudo systemctl stop ntp
sudo ntpdate <dns domain name>
sudo systemctl start ntp

# Setup AAD authentication
sudo realm discover <custom AAD domain>
kinit -V <admin user>@<custom AAD domain>
sudo realm join --verbose <custom AAD domain> -U '<admin user>@<custom AAD domain>' --install=/

# Allow AAD authentication from Azure servers
sudo pico /etc/sssd/sssd.conf
	# use_fully_qualified_names = True
sudo systemctl restart sssd
sudo pico /etc/ssh/sshd_config
	PasswordAuthentication yes
sudo systemctl restart ssh

# Manage first time users
sudo pico /etc/pam.d/common-session
# /etc/skel is the 'skeleton' directory, basically a copy with all files for the new home directory for the user
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
sudo visudo
	# Add 'AAD DC Administrators' group members as admins.
	%AAD\ DC\ Administrators ALL=(ALL) NOPASSWD:ALL