The “hybrid fleet” is today’s reality: organizations diversify operating systems while Microsoft Active Directory (AD) remains the dominant identity “source of truth.” IT administrators must ensure Linux machines, like Ubuntu desktops and servers, behave as first-class citizens in this environment. Efficient Linux management demands unifi […]

The Ubuntu Blog provides updates, tutorials, and insights on the Ubuntu operating system and related projects. Covering topics such as Linux desktops, server administration, and cloud computing, the blog offers resources for developers and sysadmins working with Ubuntu. Developers can learn how to set up, configure, and optimize Ubuntu systems for development, deployment, and production environments by following the Ubuntu Blog.

Ubuntu

Managing Ubuntu fleets in hybrid environments where Microsoft Active Directory (AD) is the identity authority requires two key components: SSSD for authentication and ADSys for Group Policy Object (GPO) enforcement. SSSD integrates Ubuntu with AD using Kerberos and LDAP, handles SID-to-UID/GID mapping, and supports offline credential caching. ADSys extends this by enabling GPO-based management of Ubuntu machines, covering sudo privileges, script execution, desktop configuration via dconf, AppArmor profiles, and certificate auto-enrollment via AD CS. ADSys is available through Ubuntu Pro and uses standard ADMX/ADML templates in the Windows Group Policy Management Console, allowing IT admins to manage Linux endpoints with existing AD tooling.

How to manage Ubuntu fleets using on-premises Active Directory and ADSys

AD and the System Security Services Daemon (SSSD)

The power of Group Policy Objects (GPOs) with Active Directory System Services (ADSys)

Compliance and security with certificate auto-enrollment