Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

  1. Blog
  2. Article

Massimiliano Gori
on 28 April 2022

New Active Directory Integration features in Ubuntu 22.04 (part 1)


On April 21 Ubuntu Desktop 22.04 was released with a lot of new, exciting new features for both consumer and enterprise users. Improved Linux Active Directory (AD) integration is historically one of the most requested functionalities by our corporate users, and with 22.04, we decided to act on the feedback and offer a way to natively manage Ubuntu desktops with the same, familiar tools our clients are already using to manage their Windows estate.

This is the first of a series of posts where we will examine the different aspects of the new advanced Active Directory integration functionalities and it will give you an overview of ADsys.

You can find links to the other articles in the series below:

Linux Active Directory integration

According to recent Microsoft figures the majority of medium and large enterprises decide to use Active Directory to manage the identity and compliance of their desktop estate. That has been the case for decades now, and companies have invested heavily to create tools and automation workflows aimed at improving the security and efficiency of their IT admin teams.

Linux desktops, including Debian and Ubuntu, supported Active Directory integration for a very long time through SSSD; however, that was limited to authentication and a small subset of related Group Policy Object policies.

IT system administrators who wanted to use AD to enforce policy compliance or apply remote configuration faced a difficult choice: paying a premium for third-party privileged access management solutions (that are primarily tailored at servers) or relying on a plethora of custom developed tools and scripts.

ADsys, the new Active Directory client

22.04 sees the introduction of a new Active Directory client

Ubuntu Desktop 22.04 sees the introduction of ADsys, our new Active Directory client which contains everything you need to integrate Ubuntu to your Active Directory, including admx and adml template files.

ADsys it is made of two components: adsysd, a daemon that implements the Group Policy protocol and relies on Kerberos, Samba and LDAP for authentication and policy retrieval, and adsysctl, a command line interface that controls the daemon and its status.

ADsys does not replace SSSD and PAM, which are still responsible for user authentication and setting the home directory, rather it compliments them to add the following functionalities:

  • Native Group Policy Object support for both machine and user policies targeting dconf settings on the client machine
  • Privilege management, allowing the possibility to grant or revoke superuser privileges for the default local user, and Active Directory users and groups
  • Custom scripts execution, giving the possibility to schedule shell scripts to be executed at startup, shutdown, login and logout

In addition to these features, the command line tool is able to generate the required .admx and .adml policy files that you can install in Active Directory. Once imported, they can be easily found and modified in the Group Policy Management Editor in Windows Server.

All features have been developed with the intent to align the Active Directory management experience of Ubuntu as closely as possible to the one available in Windows. This was done to flatten the learning curve required by system administrators to securely manage a fleet of Ubuntu desktop computers at scale.

Getting the new features 

While SSSD is an upstream component available for all desktop users, you need an Ubuntu Pro subscription to take advantage of the new advanced features offered by ADsys. You can get a personal license free of charge using your Ubuntu SSO account. ADSys is supported on Ubuntu starting from 20.04.2 LTS, and tested with Windows Server 2019.

We have recently updated the Active Directory integration whitepaper to include a practical step by step guide to help you take you full advantage of the new features. If you want to know more about the inner workings of ADsys you can head to its Github page or read the product documentation.

If you want to learn more about Ubuntu Desktop, Ubuntu Advantage or our advanced Active Directory integration features please do not hesitate to contact us to discuss your needs with one of our advisors.

Read the second part of this article

Find out more

Related posts


Massimiliano Gori
16 September 2024

Announcing Authd: OIDC authentication for Ubuntu Desktop and Server

Ubuntu Article

Today we are announcing the general availability of Authd, a new authentication daemon for Ubuntu that allows direct integration with cloud-based identity providers for both Ubuntu Desktop and Server. Authd is available free of charge on Ubuntu 24.04 LTS. At launch, Authd supports Microsoft Entra ID (formerly Azure Active Directory) ident ...


Luci Stanescu
28 October 2024

Imagining the future of Cybersecurity

Ubuntu Security

October 2024 marks the 20th anniversary of Ubuntu. The cybersecurity landscape has significantly shifted since 2004. If you have been following the Ubuntu Security Team’s special three-part series podcast that we put out to mark Cybersecurity Awareness Month, you will have listened to us talk about significant moments that have shaped the ...


Canonical
10 October 2024

Canonical Releases Ubuntu 24.10 Oracular Oriole

Cloud and server Article

The latest release of Ubuntu delivers a cutting edge kernel and enhanced desktop security. 10 October 2024 Today Canonical announced the release of Ubuntu 24.10, codenamed “Oracular Oriole,” available to download and install from ubuntu.com/download. Ubuntu 24.10 delivers the latest kernel, toolchains and GNOME 47 desktop environment alon ...