Linux Active Directory (AD) integration is historically one of the most requested functionalities by our corporate users, and with Ubuntu Desktop 22.04, we introduced ADsys, our new Active Directory client. This blog post is part 2 of a series where we will explore the new functionalities in more detail. (Part 1 – Introduction)
In this article we will focus on how Group Policy Objects (GPOs) can be used by ADsys to change dconf settings in Ubuntu after a client has been successfully joined to a domain.
In this area, as well as for all the other new features delivered by ADsys, we tried to offer a user experience as close as possible to the native one available in Microsoft Windows, with the aim of enabling IT admins to reuse the same knowledge and tools they acquired over the years to manage Ubuntu desktops.
Similar to Windows clients, the first step to tell AD to what features it can manage is to import an administrative template. We offer the choice of both the language-specific .adml files and the language-neutral .admx files.
The administrative templates need to be imported in the Central Store in the sysvol folder on a Windows domain controller. The Central Store is a file location that the Group Policy Tools check by default and that is replicated in all the domain controllers. If you want to learn more information Microsoft provides extensive documentation on how to create and manage a central store.
Once a device is joined to the domain, ADsys provides a command line interface which is able to download the relevant templates for the distribution that you are running. The administrative templates support different data types and the management consoles adapts the UI according to the property you are going to modify (e.g. boolean, lists, etc.)
We will continue supporting the tool and release updated templates compatible with newer versions of Ubuntu. You can see which templates are available by going to the relevant section of the project Github page.
Group Policy Objects can be used to change any of the dconf settings. Compatibility to additional policy managers might be extended in the future based on usage and customer demand.
Similar to Windows we offer both user and computer policies, which can be accessed by navigating to the Ubuntu administrative template section of Active Directory. GPO rules can have the traditional enabled, disabled and not configured states and their precedence follows the same, default Active Directory constructs. (i.e. machine policies take precedence over user ones)
Similar to windows GPOs are applied:
The settings are applied to the relevant users on the client and they can be overwritten only by local machine administrators.
It is important to note that ADsys does not replace SSSD, rather it compliments it. The Active Directory Security Policies that are currently managed or partially supported by SSSD are not duplicated in ADsys.
SSSD is part of all versions of Ubuntu starting from 18.04 and you can find further information on our documentation or the upstream project page.
The features described in this blog post are available for free for all Ubuntu users, however you need an Ubuntu Advantage subscription to take advantage of the privilege management and remote scripts execution features. You can get a personal license free of charge using your Ubuntu SSO account. ADSys is supported on Ubuntu starting from 20.04.2 LTS, and tested with Windows Server 2019.
We have recently updated the Active Directory integration whitepaper to include a practical step by step guide to help you take you full advantage of the new features. If you want to know more about the inner workings of ADsys you can head to its Github page or read the product documentation.
If you want to learn more about Ubuntu Desktop, Ubuntu Advantage or our advanced Active Directory integration features please do not hesitate to contact us to discuss your needs with one of our advisors.
One of the most critical gaps in traditional Large Language Models (LLMs) is that they…
Canonical is continuously hiring new talent. Being a remote- first company, Canonical’s new joiners receive…
What is patching automation? With increasing numbers of vulnerabilities, there is a growing risk of…
Wouldn’t it be wonderful to wake up one day with a desire to explore AI…
Ubuntu and Ubuntu Pro supports Microsoft’s Azure Cobalt 100 Virtual Machines (VMs), powered by their…
Welcome to the Ubuntu Weekly Newsletter, Issue 870 for the week of December 8 –…