Managing Ubuntu fleets in hybrid environments where Microsoft Active Directory (AD) is the identity authority requires two key components: SSSD for authentication and ADSys for Group Policy Object (GPO) enforcement. SSSD integrates Ubuntu with AD using Kerberos and LDAP, handles SID-to-UID/GID mapping, and supports offline credential caching. ADSys extends this by enabling GPO-based management of Ubuntu machines, covering sudo privileges, script execution, desktop configuration via dconf, AppArmor profiles, and certificate auto-enrollment via AD CS. ADSys is available through Ubuntu Pro and uses standard ADMX/ADML templates in the Windows Group Policy Management Console, allowing IT admins to manage Linux endpoints with existing AD tooling.
Table of contents
AD and the System Security Services Daemon (SSSD)The power of Group Policy Objects (GPOs) with Active Directory System Services (ADSys)Quick reference: ADSys capabilitiesCompliance and security with certificate auto-enrollmentThe Ubuntu Pro advantageLearn more about identity managementSort: