I have a need for this and gave it a try. See the code here: https://github.com/theforeman/smart-proxy/compare/develop...imphil:realm-ad?expand=1 It's an initial RFC showing the basic idea, and some of the problems.
What works:
- Precreate computer accounts in the directory
- Domain-specific settings for the account attributes
Missing features:
- Rebuilding computer accounts
- Deleting computer accounts
The most problematic part is currently the tool used to perform the AD operations. Essentially I know of two options: msktutil and adcli. Both have problems (at least in our setup). adcli does not work at all due to auth issues and does not allow specifying the computer name (NetBIOS name) independently of the hostname (which is required in our setup). msktutil works great, but doesn't have the ability to delete or reset accounts (for rebuild). So currently I use msktutil to create the accounts, and everything else needs to be done manually. I have, however, bug reports open with msktutil and adcli to fix those problems; let's see how this goes.
Open questions at the moment are (it's an RFC after all :)):
a) Is the general approach OK with you?
b) As you can see, there are some very specific settings required for our setup, and I'm sure others have similar ones. Do you think it makes sense to support all that directly in the smart proxy (as I've tried to do), or should we instead just call a 3rd-party script (and deliver a default one) which handles the account creation, which the admin can override?
c) Anything else?