Joining Active Directory

Test on freshly installed Debian 9.
Credit goes: https://www.tecmint.com/integrate-ubuntu-to-samba4-ad-dc-with-sssd-and-realm/

Make sure the hostname has been updated. (hostnamectl set-hostname newhostname).
apt install adcli realmd sssd sssd-tools packagekit policykit-1 apt install samba-common-bin samba-libs samba-dsdb-modules apt install krb5-user Join the "the.domain.name" domain:
realm join the.domain.name
Update /etc/sssd/sssd.conf: (Optional)
(I prefer to have use_fully_qualified_names = False and customize fallback_homedir)
(Also, default_shell = /usr/bin/zsh for me. ) [sssd] domains = the.domain.name config_file_version = 2 services = nss, pam [domain/the.domain.name] ad_domain = the.domain.name krb5_realm = THE.DOMAIN.NAME realmd_tags = manages-system joined-with-adcli cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = False fallback_homedir = /home/%d/%u access_provider = ad
Add pam_mkhomedir.so to /etc/pam.d/common-session
session optional pam_mkhomedir.so skel=/etc/skel umask=077 Restart sssd service systemctl restart sssd
Try to identify a domain user with id id Administrator
The output should be something like this:
uid=900000500(administrator) gid=900000512(domain admins) groups=900000512(domain admins),900000520(group policy creator owners),900000519(enterprise admins),900001105(dc backup hosts),900001103(computers),900000518(schema admins),900000513(domain users),900000572(denied rodc password replication group),900001104(dc slave hosts)