2

I am joining Linux hosts (CentOS 6) to Active Directory using a special bind account. I've granted delegate permissions to this user and when I join on the default Computers OU, a computer object is created and DNS is updated.

Now, I've granted this same user delegate permissions to a different OU. However, when I try to join on a different OU using this command:

net ads join -k createcomputer="Custom/Location"

a computer object is created, but DNS fails to update with this error message:

DNS Update for hostname.example.local failed: ERROR_DNS_INVALID_MESSAGE
DNS update failed!

I'm hoping to get this working so I don't have to manually move newly-created computer objects to the right OU since I've automated the rest of the process already.

Python Novice
  • I have no idea of why this would error out, but a natural workaround is to have the automation move the computer object into the correct OU after it has been created. This is really easy. – ErikE Jun 28 '15 at 16:30

1 Answer

1

I figured out why this was happening. In my environment, I have a secondary Linux DNS server that does not allow dynamic DNS updates except from the Windows master DNS server, which is also the domain controller. When the net ads join command is used, it does a DNS lookup for the name server of the domain, and sometimes it returns the Linux DNS server as the first answer, causing updates to fail. You can force it to use the domain controller/primary DNS server with the -S switch:

net ads join -k -S ns1.example.local createcomputer="Custom/Location"

which solves this problem. Once again I have Wireshark to thank for its help in troubleshooting my issues.

Python Novice
  • 2
    You should configure a proper DNS infrastructure with Kerberos and BIND9 if you want to use Unix DNS Servers on an Active Directory environment. – Vinícius Ferrão Jun 28 '15 at 16:47
  • 1
    ..or use Windows DNS throughout. I only mix when a requirement is split idns/edns for specific zones aside from the AD domains. – ErikE Jun 28 '15 at 19:04
  • Care to share any documentation on setting up Linux DNS infrastructure to work with AD? – Python Novice Jun 28 '15 at 19:41
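
A pre-join check for the situation described in the answer, as an added example that is not part of the original post: it reads the zone's SOA and NS answers, reports when a server other than the primary comes first, and builds the `net ads join` command pinned with `-S`. The dig output is constructed sample data, `ns2.example.local` is a hypothetical name for the Linux secondary, and the script assumes the SOA MNAME field names the Windows DNS server that accepts dynamic updates.

```shell
#!/bin/sh
# Added example, not from the original post. The constructed samples stand in for:
#   dig +short SOA example.local    and    dig +short NS example.local
# ns2.example.local is a hypothetical name for the Linux secondary.
SAMPLE_SOA='ns1.example.local. hostmaster.example.local. 2015062801 900 600 86400 3600'
SAMPLE_NS='ns2.example.local.
ns1.example.local.'

# Primary master = first field (MNAME) of the SOA answer, trailing dot removed.
soa_primary() {
    printf '%s\n' "$1" | awk 'NF >= 7 { sub(/\.$/, "", $1); print tolower($1); exit }'
}

# First server in the NS answer, i.e. the one a client may try first.
first_ns() {
    printf '%s\n' "$1" | awk 'NF { n = tolower($1); sub(/\.$/, "", n); print n; exit }'
}

# Name servers other than the primary ($1 = primary, $2 = NS answer).
# A dynamic update sent to one of these fails if it refuses client updates.
non_primary_ns() {
    printf '%s\n' "$2" | awk -v p="$1" '
        NF { n = tolower($1); sub(/\.$/, "", n); if (n != p) print n }'
}

# Build the join command pinned to the primary ($1 = SOA answer, $2 = OU path).
join_command() {
    primary=$(soa_primary "$1")
    [ -n "$primary" ] || { echo "no SOA MNAME found" >&2; return 1; }
    printf 'net ads join -k -S %s createcomputer="%s"\n' "$primary" "$2"
}

# Summarise what the resolver returned and print the pinned command.
report() {
    primary=$(soa_primary "$1")
    echo "primary (SOA MNAME): $primary"
    if [ "$(first_ns "$2")" != "$primary" ]; then
        echo "warning: first NS answer is $(first_ns "$2"), not the primary"
    fi
    for s in $(non_primary_ns "$primary" "$2"); do
        echo "non-primary name server: $s"
    done
    join_command "$1" "$3"
}

report "$SAMPLE_SOA" "$SAMPLE_NS" "Custom/Location"
```

To run it against a live zone, pass the real `dig +short` output for the SOA and NS queries to `report` in place of the sample variables.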