Once the computer is joined to an Active Directory domain, you can configure the machine so that you can log in with domain accounts.

To permit any domain account to log in, use the following command.

$ realm permit --realm domain.example.com --all

To permit only specific accounts from the domain to log in use the following command. The first time this command is run it will change the mode to only allow logins by specific accounts, and then add the specified accounts to the list of accounts to permit.

$ realm permit --realm domain.example.com DOMAIN\\User1 DOMAIN\\User2

To deny logins from any domain account, use the following command.

$ realm deny --realm domain.example.com --all