Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting our team. We will be in touch shortly.Close

  1. Blog
  2. Article

Massimiliano Gori
on 28 April 2022

New Active Directory Integration features in Ubuntu 22.04 (part 1)

On April 21 Ubuntu Desktop 22.04 was released with a lot of new, exciting new features for both consumer and enterprise users. Improved Linux Active Directory (AD) integration is historically one of the most requested functionalities by our corporate users, and with 22.04, we decided to act on the feedback and offer a way to natively manage Ubuntu desktops with the same, familiar tools our clients are already using to manage their Windows estate.

This is the first of a series of posts where we will examine the different aspects of the new advanced Active Directory integration functionalities and it will give you an overview of ADsys.

You can find links to the other articles in the series below:

Linux Active Directory integration

According to recent Microsoft figures the majority of medium and large enterprises decide to use Active Directory to manage the identity and compliance of their desktop estate. That has been the case for decades now, and companies have invested heavily to create tools and automation workflows aimed at improving the security and efficiency of their IT admin teams.

Linux desktops, including Debian and Ubuntu, supported Active Directory integration for a very long time through SSSD; however, that was limited to authentication and a small subset of related Group Policy Object policies.

IT system administrators who wanted to use AD to enforce policy compliance or apply remote configuration faced a difficult choice: paying a premium for third-party privileged access management solutions (that are primarily tailored at servers) or relying on a plethora of custom developed tools and scripts.

ADsys, the new Active Directory client

22.04 sees the introduction of a new Active Directory client

Ubuntu Desktop 22.04 sees the introduction of ADsys, our new Active Directory client which contains everything you need to integrate Ubuntu to your Active Directory, including admx and adml template files.

ADsys it is made of two components: adsysd, a daemon that implements the Group Policy protocol and relies on Kerberos, Samba and LDAP for authentication and policy retrieval, and adsysctl, a command line interface that controls the daemon and its status.

ADsys does not replace SSSD and PAM, which are still responsible for user authentication and setting the home directory, rather it compliments them to add the following functionalities:

  • Native Group Policy Object support for both machine and user policies targeting dconf settings on the client machine
  • Privilege management, allowing the possibility to grant or revoke superuser privileges for the default local user, and Active Directory users and groups
  • Custom scripts execution, giving the possibility to schedule shell scripts to be executed at startup, shutdown, login and logout

In addition to these features, the command line tool is able to generate the required .admx and .adml policy files that you can install in Active Directory. Once imported, they can be easily found and modified in the Group Policy Management Editor in Windows Server.

All features have been developed with the intent to align the Active Directory management experience of Ubuntu as closely as possible to the one available in Windows. This was done to flatten the learning curve required by system administrators to securely manage a fleet of Ubuntu desktop computers at scale.

Getting the new features 

While SSSD is an upstream component available for all desktop users, you need an Ubuntu Pro subscription to take advantage of the new advanced features offered by ADsys. You can get a personal license free of charge using your Ubuntu SSO account. ADSys is supported on Ubuntu starting from 20.04.2 LTS, and tested with Windows Server 2019.

We have recently updated the Active Directory integration whitepaper to include a practical step by step guide to help you take you full advantage of the new features. If you want to know more about the inner workings of ADsys you can head to its Github page or read the product documentation.

If you want to learn more about Ubuntu Desktop, Ubuntu Advantage or our advanced Active Directory integration features please do not hesitate to contact us to discuss your needs with one of our advisors.

Read the second part of this article

Find out more

Related posts

Massimiliano Gori
20 April 2023

Azure AD authentication comes to Ubuntu Desktop 23.04

Desktop Article

Ubuntu Desktop 23.04 is the first and only Linux distribution to enable native user authentication with Azure Active Directory (Azure AD) ...

1 May 2024

Canonical releases Landscape 24.04 LTS

Canonical announcements Article

Landscape 24.04 LTS is Landscape’s first LTS release, with a modernised backend, web portal, snap management, and repository management features. ...

25 April 2024

Canonical releases Ubuntu 24.04 LTS Noble Numbat

Canonical announcements Article

Canonical’s 10th Long Term Supported release sets a new standard in performance engineering, enterprise security and developer experience. ...