Joining a Uwuntu Machine to the Domain and Enabling RDP

A screenshot of Uwuntu's Budgie Desktop upon signing in

A screenshot of Uwuntu's Budgie Desktop upon signing in

This is another guide pieced together during our recent network overhaul and expansion project. This is the second image we built and there wasn’t much of a difference between Linux Mint and this Uwuntu instance. This article is longer. Uwuntu is a variant of Ubuntu that is jam packed with all kinds of little Anime and weeb goodies for you to enjoy. You can thank @PenguinPlans for introducing this fun to the community over in our Discord.
The version of Uwuntu used for this guide is 22.10 with the default Budgie desktop environment, but you may have success with other versions and desktops, or maybe even with OG Ubuntu itself.

Follow these detailed steps to join your Uwuntu machine to the domain and enable RDP functionality.

Step 1: Update and Install Necessary Software

First, update your system and install the required software, including SSH.

sudo apt update
sudo apt upgrade -y
sudo apt-get install -y openssh-server # OPTIONAL
sudo reboot

Step 2: Install Required Packages and Prepare the System

Next, install the necessary packages for domain integration and configure some initial settings.

sudo apt-get install realmd sssd sssd-tools samba-common krb5-user packagekit samba-common-bin samba-libs adcli lightdm-gtk-greeter libpam-mkhomedir xrdp xorgxrdp
# When prompted, enter: YOURDOMAIN.COM
sudo usermod -a -G ssl-cert xrdp
sudo nano /etc/xrdp/

Replace the contents of with the following script to support the Budgie desktop:

if test -r /etc/profile; then
        . /etc/profile

# Add support for Budgie
export DESKTOP_SESSION=budgie-desktop
export XDG_SESSION_DESKTOP=budgie-desktop
export XDG_CONFIG_DIRS=/etc/xdg/xdg-budgie-desktop:/etc/xdg

exec /usr/bin/budgie-desktop

Remove the avahi-daemon package:

sudo apt -y remove avahi-daemon
sudo nano /etc/sudoers # OPTIONAL

OPTIONAL: Add the following lines under the sudo section if you have any admin groups in AD that you’d like to have access to sudo:

%myWorkstationAdmins ALL=(ALL) ALL
%myDomainAdmins ALL=(ALL) ALL

Step 3: Configure Login Screen Integration

Update PAM configuration to create home directories automatically upon first login.

sudo pam-auth-update --enable mkhomedir
sudo nano /etc/pam.d/common-session

Add the following line:

session required skel=/etc/skel/ umask=0022

Update the LightDM PAM configuration:

sudo nano /etc/pam.d/lightdm

Replace the entire file with the following…

# /etc/pam.d/lightdm - PAM configuration for LightDM
# Prevent non-root users from login when /etc/nologin exists
auth    requisite
# Allow users in the 'nopasswdlogin' group to bypass authentication
auth    sufficient user ingroup nopasswdlogin
# Include common authentication settings
@include common-auth
# Optional support for GNOME and KDE keyrings
-auth   optional
-auth   optional
-auth   optional

# Include common account settings
@include common-account

# Include common session settings
session [success=ok ignore=ignore module_unknown=ignore default=bad] close
#session required
session required
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] open
-session optional auto_start
-session optional auto_start
-session optional auto_start
session required readenv=1
session required readenv=1 user_readenv=1 envfile=/etc/default/locale

# Include common password settings
@include common-password

# Allow users to be authenticated by SSSD
auth    sufficient

# Include common account settings again for pam_sss
account [default=bad success=ok user_unknown=ignore]

# Include common session settings again for pam_sss
session optional

# Include common password settings again for pam_sss
password sufficient

Update LightDM configuration:

sudo nano /etc/lightdm/lightdm.conf

Add the following lines:


Update the LightDM greeter configuration:

sudo nano /etc/pam.d/lightdm-greeter

Add the following lines to the top of the file:

auth    required
account required
session required

Step 4: Join the Domain and Configure SSSD

Configure DNS and host files for domain joining:

sudo nano /etc/resolv.conf

Replace the nameserver line:


Make the file immutable to prevent changes:

sudo chattr +i /etc/resolv.conf
sudo nano /etc/hosts

Replace the second line:       myServer

Add the domain controller to the hosts file:

sudo -i
sudo echo myServer >> /etc/hosts

Discover and join the domain:

sudo realm discover
sudo realm join --user=Administrator
sudo id [email protected]  # TEST

Configure SSSD:

sudo nano /etc/sssd/sssd.conf

Match the following configuration:

domains =
config_file_version = 2
services = nss, pam

default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = YOURDOMAIN.COM
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain =
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = ad
ad_gpo_access_control = permissive

filter_groups = root
filter_users = root
reconnection_retries = 3

reconnection_retries = 3

Set the correct permissions and reboot:

sudo chmod 600 /etc/sssd/sssd.conf
sudo reboot

That’s all.

Leave a Reply

Your email address will not be published. Required fields are marked *