Install packages:
apt install realmd sssd adcli -y
Try if you can discover the Active Directory domain:realm discover domain.local
Join the domain:realm join domain.local -U admin.username
Add access group to be able to login with SSH:realm permit -g 'gp-linux-admins'
Replace the current/generated sssd.conf:cat << EOF > /etc/sssd/sssd.conf
[sssd]
domains = domain.local
config_file_version = 2
services = nss, pam[domain/domain.local]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = DOMAIN.LOCAL
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = domain.local
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad
use_fully_qualified_names = False
simple_allow_groups = gp-linux-admins
EOF
Restart SSSD:systemctl restart sssd
Enable automatic creation of homedirectory for the user:cat << EOF >> /etc/pam.d/common-session
session optional pam_mkhomedir.so skel=/etc/skel umask=077
EOF