On April 21 Ubuntu Desktop 22.04 was released with a lot of new, exciting new features for both consumer and enterprise users. Improved Linux Active Directory (AD) integration is historically one of the most requested functionalities by our corporate users, and with 22.04, we decided to act on the feedback and offer a way to natively manage Ubuntu desktops with the same, familiar tools our clients are already using to manage their Windows estate.
This is the first of a series of posts where we will examine the different aspects of the new advanced Active Directory integration functionalities and it will give you an overview of ADsys.
According to recent Microsoft figures the majority of medium and large enterprises decide to use Active Directory to manage the identity and compliance of their desktop estate. That has been the case for decades now, and companies have invested heavily to create tools and automation workflows aimed at improving the security and efficiency of their IT admin teams.
Linux desktops, including Debian and Ubuntu, supported Active Directory integration for a very long time through SSSD; however, that was limited to authentication and a small subset of related Group Policy Object policies.
IT system administrators who wanted to use AD to enforce policy compliance or apply remote configuration faced a difficult choice: paying a premium for third-party privileged access management solutions (that are primarily tailored at servers) or relying on a plethora of custom developed tools and scripts.
Ubuntu Desktop 22.04 sees the introduction of ADsys, our new Active Directory client which contains everything you need to integrate Ubuntu to your Active Directory, including admx and adml template files.
ADsys it is made of two components: adsysd, a daemon that implements the Group Policy protocol and relies on Kerberos, Samba and LDAP for authentication and policy retrieval, and adsysctl, a command line interface that controls the daemon and its status.
ADsys does not replace SSSD and PAM, which are still responsible for user authentication and setting the home directory, rather it compliments them to add the following functionalities:
In addition to these features, the command line tool is able to generate the required .admx and .adml policy files that you can install in Active Directory. Once imported, they can be easily found and modified in the Group Policy Management Editor in Windows Server.
All features have been developed with the intent to align the Active Directory management experience of Ubuntu as closely as possible to the one available in Windows. This was done to flatten the learning curve required by system administrators to securely manage a fleet of Ubuntu desktop computers at scale.
While SSSD is an upstream component available for all desktop users, you need an Ubuntu Advantage subscription to take advantage of the new advanced features offered by ADsys. You can get a personal license free of charge using your Ubuntu SSO account. ADSys is supported on Ubuntu starting from 20.04.2 LTS, and tested with Windows Server 2019.
We have recently updated the Active Directory integration whitepaper to include a practical step by step guide to help you take you full advantage of the new features. If you want to know more about the inner workings of ADsys you can head to its Github page or read the product documentation.
If you want to learn more about Ubuntu Desktop, Ubuntu Advantage or our advanced Active Directory integration features please do not hesitate to contact us to discuss your needs with one of our advisors.
One of the most critical gaps in traditional Large Language Models (LLMs) is that they…
Canonical is continuously hiring new talent. Being a remote- first company, Canonical’s new joiners receive…
What is patching automation? With increasing numbers of vulnerabilities, there is a growing risk of…
Wouldn’t it be wonderful to wake up one day with a desire to explore AI…
Ubuntu and Ubuntu Pro supports Microsoft’s Azure Cobalt 100 Virtual Machines (VMs), powered by their…
Welcome to the Ubuntu Weekly Newsletter, Issue 870 for the week of December 8 –…