What happens on the Active Directory side when you run vastool join? (4279854)

What happens on the Active Directory side when you run vastool join?

It joins the Unix host to the Active Directory (Kerberos Realm) Domain. vastool uses the supplied credentials to create a computer object in Active Directory. Each client must have a unique name for a computer object.   It then generates DES and arcfour keys for that object, and stores them in /etc/opt/quest/vas/host.keytab. That file lets vasd communicate with Active Directory. Then vastool join runs vasd to populate the user and group cache, which talks to Active Directory using the newly created host.keytab for access.

More information about the vastool join command is available in the man vastool page which comes with the product download in the doc directory and can be accessed by the man command on the unix system.

-bash-3.00# vastool join

Usage: vastool join [-flwUG] [-I filename] [-h string] [-n computer]  [-c container] [-r string] [-u string] [-g string] [-s string] [-p string]   [--skip-config] [--preload-nested-memberships] [--site-only-usn]   [--site-only-servers] [--no-timesync] [--autogen-posix-attrs]   domain_name [domain_controllers]

-I filename        Load cache from specified quickstart cache export file instead of from the network.
-n computer      Use to specify name of computer object when required default is not unique or too long
-c container     LDAP DN of the container where the computer will be created
-f                    Overwrite existing computer object
-l                    Don't apply Group Policy Settings (if Group Policy is installed)
-w                Enable workstation mode - users will not be cached until they login
-U                            Load all users from the global catalog
-G                            Load all groups from the global catalog
-r string                     Comma-separated list of alternate authentication domains
-u string                     Specify an alternate search path from which to populate the users cache
-g string                     Specify an alternate search path from which to populate the groups caches
-s string                     Specify the site name for this machine

-p string                     Specify the path of the Primary Personality Container
--skip-config                 Skip automatic configuration of PAM, NSS, LAM and SIA
--preload-nested-memberships  After loading users and/or groups, query tokenGroups for all cached users
--site-only-usn               Deprecated, use the "site-only-servers" option.
--site-only-servers           Restricts all LDAP searches to servers servers in this machine's site (no out of site failover).
--no-timesync                 Skip automatic time synchronization
--autogen-posix-attrs         Enable auto generation of Posix IDS for Active Directory Users