The Red Hat Enterprise Linux 7 installer now features the ability to join an Active Directory domain. Instead of placing administrator passwords into an installation kickstart file, you can now use one-time passwords for improved security. This demonstration assumes that you have a process in place to deploy Red Hat Enterprise Linux using kickstart files. Since each computer account in the Active Directory domain has a unique computer account name, you need to either provide a separate kickstart file for each host, or provide unique hostnames from DHCP to match those computer accounts.

Before installation, create a computer account in the Active Directory domain. You can use the tools on the Active Directory server to do this, or you can use the adcli tool provided in the adcli package. Use adcli preset-computer to specify a one-time password. You will need to provide the domain administrator credentials to run the tool. The computer name is displayed to confirm a successful operation. Once this happens, the computer account is present in the Active Directory domain, but is inactive.

Now you can edit your installation kickstart file. First, the kickstart file should ensure that the target machine receives the correct hostname. One way to do this is to use the network --hostname command. If you provide hostnames through DHCP, you should ensure that DHCP is serving out correct name information for the target host.

Next, add the appropriate realm join command to the kickstart file. If you’ve chosen to use one-time passwords as described previously, add the --one-time-password option and provide the password you set earlier. If you have previously created the computer accounts using tools in the Active Directory server itself, use the --no-password option to join the domain. In both cases, you should also provide the domain name.
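The pre-staging and kickstart steps above, sketched as an added example (not part of the original demonstration): the helper function names, the host web01.ad.example.com and the domain ad.example.com are constructed placeholders. The script only prints the adcli command rather than running it, and its hostname check assumes the 15-character NetBIOS limit on computer account names.

```shell
#!/bin/sh
# Added example: all names and values are constructed placeholders.

# Generate a 24-character alphanumeric one-time password from /dev/urandom.
gen_otp() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 24
}

# Accept a short hostname only if it can serve as a computer account name:
# letters, digits and inner hyphens, at most 15 characters (NetBIOS limit).
valid_short_name() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*|-*|*-) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print (do not execute) the command an administrator runs before
# installation; adcli then asks for the domain administrator credentials.
# Arguments: fqdn domain otp
preset_command() (
    printf 'adcli preset-computer --domain=%s --one-time-password=%s %s\n' \
        "$2" "$3" "$1"
)

# Print the kickstart lines for one host. With a third argument the join
# uses the one-time password; without it, the account is assumed to have
# been created on the Active Directory server and --no-password is used.
# Arguments: fqdn domain [otp]
kickstart_fragment() (
    short=${1%%.*}
    valid_short_name "$short" || { echo "invalid host name: $1" >&2; exit 1; }
    printf 'network --hostname=%s\n' "$1"
    if [ -n "${3:-}" ]; then
        printf 'realm join --one-time-password=%s %s\n' "$3" "$2"
    else
        printf 'realm join --no-password %s\n' "$2"
    fi
)

# Demonstration with constructed values: the same password goes to both sides.
otp=$(gen_otp)
preset_command web01.ad.example.com ad.example.com "$otp"
kickstart_fragment web01.ad.example.com ad.example.com "$otp"
```

The generated kickstart file still contains a secret until the host has joined, so serve it only to the host it was written for.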
When you run the installation, if you are monitoring the progress, the installer shows you feedback that the system is joining the realm, as part of the post-installation tasks. After installation, you can use the realm list command to verify that the system is joined to the Active Directory domain. In addition, credentials are successfully integrated across the domain to your new system. If you use the getent command, you can access user information in the Active Directory domain as expected. This also means you can log in to the system directly, using an Active Directory domain account.