Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

New Active Directory Integration features in Ubuntu 22.04 (part 2) – Group Policy Objects

This article was last updated 1 year ago.

Linux Active Directory (AD) integration is historically one of the most requested functionalities by our corporate users, and with Ubuntu Desktop 22.04, we introduced ADsys, our new Active Directory client. This blog post is part 2 of a series where we will explore the new functionalities in more detail.

In this article we will focus on how Group Policy Objects (GPOs) can be used by ADsys to change dconf settings in Ubuntu after a client has been successfully joined to a domain. 

In this area, as well as for all the other new features delivered by ADsys, we tried to offer a user experience as close as possible to the native one available in Microsoft Windows, with the aim of enabling IT admins to reuse the same knowledge and tools they acquired over the years to manage Ubuntu desktops.

You can find links to the other articles in the series below:

Active Directory Administrative Templates

Similar to Windows clients, the first step to tell AD to what features it can manage is to import an administrative template. We offer the choice of both the language-specific .adml files and the language-neutral .admx files.

The administrative templates need to be imported in the Central Store in the sysvol folder on a Windows domain controller. The Central Store is a file location that the Group Policy Tools check by default and that is replicated in all the domain controllers. If you want to learn more information Microsoft provides extensive documentation on how to create and manage a central store.

Once a device is joined to the domain, ADsys provides a command line interface which is able to download the relevant templates for the distribution that you are running. The administrative templates support different data types and the management consoles adapts the UI according to the property you are going to modify (e.g. boolean, lists, etc.)

We will continue supporting the tool and release updated templates compatible with newer versions of Ubuntu. You can see which templates are available by going to the relevant section of the project Github page.

Using Group Policy Objects

Active Directory Admin Center

Group Policy Objects can be used to change any of the dconf settings. Compatibility to additional policy managers might be extended in the future based on usage and customer demand.

Similar to Windows we offer both user and computer policies, which can be accessed by navigating to the Ubuntu administrative template section of Active Directory. GPO rules can have the traditional enabled, disabled and not configured states and their precedence follows the same, default Active Directory constructs. (i.e. machine policies take precedence over user ones)

Similar to windows GPOs are applied:

  • On boot for the computer policies
  • On login for the user policies
  • At a configurable time interval for active, connected clients (the default is set to the standard 90 minutes)

The settings are applied to the relevant users on the client and they can be overwritten only by local machine administrators.

SSSD and security policies

It is important to note that ADsys does not replace SSSD, rather it compliments it. The Active Directory Security Policies that are currently managed or partially supported by SSSD are not duplicated in ADsys.

SSSD is part of all versions of Ubuntu starting from 18.04 and you can find further information on our documentation or the upstream project page.

Additional resources and how to get the new features

The features described in this blog post are available for free for all Ubuntu users, however you need an Ubuntu Pro subscription to take advantage of the privilege management and remote scripts execution features. You can get a personal license free of charge using your Ubuntu SSO account. ADSys is supported on Ubuntu starting from 20.04.2 LTS, and tested with Windows Server 2019.

We have recently updated the Active Directory integration whitepaper to include a practical step by step guide to help you take you full advantage of the new features. If you want to know more about the inner workings of ADsys you can head to its Github page or read the product documentation.

If you want to learn more about Ubuntu Desktop, Ubuntu Advantage or our advanced Active Directory integration features please do not hesitate to contact us to discuss your needs with one of our advisors.

Find out more

Ubuntu desktop

Learn how the Ubuntu desktop operating system powers millions of PCs and laptops around the world.

Newsletter signup

Get the latest Ubuntu news and updates in your inbox.

By submitting this form, I confirm that I have read and agree to Canonical's Privacy Policy.

Related posts

Azure AD authentication comes to Ubuntu Desktop 23.04

Ubuntu Desktop 23.04 is the first and only Linux distribution to enable native user authentication with Azure Active Directory (Azure AD)

Ubuntu compliance monitoring with Microsoft Intune

In recent years, data science, AI and software development have become a key focus area for organisations operating in every sector of the economy. This...

Canonical releases Landscape 24.04 LTS

Landscape 24.04 LTS is Landscape’s first LTS release, with a modernised backend, web portal, snap management, and repository management features.