bind

Use the bind command to bind ADEdit to a domain. Multiple bind commands can bind ADEdit to multiple domains in multiple forests. ADEdit must be bound to at least one domain before its commands have any effect on Active Directory or Centrify objects. When ADEdit is bound to multiple domains, its commands can work on any of those domains.

You can use bind to bind to any domain for which the DNS can resolve a name and for which you have log-in permission. ADEdit’s host computer does not need to be joined to a domain for ADEdit to bind to and work on that domain.

You can optionally specify a server in the domain to bind to, in which case ADEdit binds to that domain controller. If you don’t specify a server, ADEdit automatically binds to the closest, fastest domain controller. You can use options to request automatic binding to a global catalog (GC) domain controller or to a writable domain controller.

You can authorize the bind connection to a domain controller in the following ways:

  • If you provide no user or password arguments, bind uses the user name and password stored in the current Kerberos credential cache on the ADEdit host computer.
  • If you provide a user argument without the password argument, bind in interactive mode prompts you for a password, then uses the user argument along with your entered password for authorization.
  • If you provide a user argument and password argument, bind uses the user and password arguments for authorization.
  • If you specify the -machine option, ADEdit authenticates using the credentials for the ADEdit host computer. You cannot provide user or password arguments if you specify the -machine option. Note that you must have read permission on the host’s credential files to use this option, so you must typically have root permissions to use the option.

Zone type

Not applicable

Syntax

bind [-gc] [-write] [-machine] [server@]domain [user [password]]

Abbreviation

None

Options

This command takes the following options:

Option Description

-gc

Requests an automatic binding to a global catalog (GC) domain controller. This option has no effect if there’s a domain controller specified using the server argument.

-write

Requests an automatic binding to a writable domain controller. This option has no effect if there’s a domain controller specified using the server argument.

-machine

Binds using the credentials for the ADEdit host computer.

Note that most computer accounts have only read permission, not write permission for Active Directory. To use this option, you must have read permission on the local computer’s keytab file and credentials cache. In most cases, only the root user has this right.

Arguments

This command takes the following arguments:

Argument Type Description

[server]@domain

string

Required. Specifies the domain to bind to.

If you want to specify a domain controller to connect to, precede the domain with the name of the domain controller’s server followed by the “@” symbol. If you don’t specify a domain controller, bind performs an automatic binding to the domain controller that ADEdit determines is most optimal for binding.

[user]

string

Optional. Specifies the user name for logging on to the domain controller.

If you don’t specify this argument and the -machine option is also not present, ADEdit attempts to log on using your current account credentials.

If you specify the -machine option, you cannot use this argument.

[password]

string

Optional. Requires the user argument. Specifies the password to use when logging on to the domain controller as user.

Return value

This command returns no value.

Examples

The following example binds ADEdit to the domain acme.com, logging in as administrator with the password #3gEgh^&4:

bind acme.com administrator #3gEgh^&4

Note that a password that includes Tcl-special characters such as $ might trigger character substitution that modifies the password. To ensure that a password isn’t altered by the Tcl interpreter, enclose the password in braces ({}). For example:

bind acme.com maya,garcia {$m1l3s88}

Related commands

The following commands perform actions related to the bind command:

  • get_bind_info returns information about a domain to which ADEdit is bound.
  • pop restores the context from the top of ADEdit’s context stack to ADEdit.
  • push saves ADEdit’s current context to ADEdit’s context stack.
  • show returns the current context of ADEdit: its bound domains and its currently selected objects.