Introduction to Active Directory

Active Directory Domain Services is Microsoft’s product for enterprise identity management. It contains multiple services such as LDAP (database), Kerberos (authentication), Group Policy Objects (access control and policy), DNS and more. Even though it is officially supported only on Microsoft Windows, SSSD provides seamless integration of Linux clients with Active Directory through the ad provider, including automatic SID to uid/gid translation.

The following features are supported in SSSD Active Directory integration:

  • Full support of Active Directory users and groups

  • Kerberos authentication

  • Access control via Group Policy Objects

  • Auto-discovery of trusted domains (subdomains in SSSD terminology)

  • Auto-discovery of Active Directory site and forest

  • Automatic SID to uid and gid translation

  • Dynamic DNS records updates

  • No POSIX attributes are required on Active Directory objects

  • ID views to support migration effort

  • Automount maps and sudo rules support

  • Support for offline authentication

  • … and more

Note

There are multiple ways to join a host to an Active Directory domain. We recommend using realmd, which provides automatic domain discovery and enrollment. It is also possible to perform the required steps manually.

If you want to avoid enrolling the host in the Active Directory domain explicitly, you may also use the ldap provider (LDAP provider with AD domain). This requires a deeper understanding of SSSD configuration and does not provide all the features and benefits of the ad provider, so it is not generally recommended.
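As an added example (not part of the SSSD documentation, and not realmd's own code), the following POSIX shell script checks that a domain section in sssd.conf is configured the way a realmd join with the ad provider leaves it: identities from the ad provider, access control through the ad provider (which is what enables Group Policy based access control), and ID mapping left enabled so no POSIX attributes are needed on the Active Directory objects. The two configuration files it inspects are constructed inline; the first is modelled on the sssd.conf realmd writes, the second is a hand-written "LDAP provider with AD domain" configuration. The domain name example.com and the temporary file paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the SSSD project: sanity-check an ad-provider sssd.conf.
# Assumed domain: example.com. Sample files below are constructed for this script.

# Print the value of KEY from the [domain/DOMAIN] section of CONF (empty if unset).
# Keys in sssd.conf are matched case-insensitively; comment lines (#, ;) are skipped.
sssd_domain_option() {
    _conf="$1"; _dom="$2"; _key="$3"
    awk -v section="domain/$_dom" -v key="$_key" '
        /^[[:space:]]*\[/ {                          # [section] header
            s = $0; gsub(/^[[:space:]]*\[|][[:space:]]*$/, "", s)
            insect = (s == section); next
        }
        insect && /^[[:space:]]*[^#;]/ {              # key = value line
            split($0, kv, "=")
            k = kv[1]; gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            if (tolower(k) == tolower(key)) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
                print v; exit
            }
        }' "$_conf"
}

# Return 0 when CONF configures DOMAIN through the ad provider as described
# on this page (ad identities, ad/GPO access control, SID->uid/gid mapping on).
check_ad_provider_conf() {
    conf="$1"; domain="$2"; rc=0
    id_p=$(sssd_domain_option "$conf" "$domain" id_provider)
    [ "$id_p" = "ad" ] || { echo "id_provider is '$id_p', expected 'ad'"; rc=1; }
    acc_p=$(sssd_domain_option "$conf" "$domain" access_provider)
    [ "$acc_p" = "ad" ] || { echo "access_provider is '$acc_p', expected 'ad' (GPO access control)"; rc=1; }
    idmap=$(sssd_domain_option "$conf" "$domain" ldap_id_mapping | tr 'A-Z' 'a-z')
    case "${idmap:-true}" in                      # unset means the default: enabled
        true|yes|1) ;;
        *) echo "ldap_id_mapping=$idmap: every AD object would need POSIX attributes"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample 1: what a realmd join with the ad provider typically writes.
SAMPLE_CONF=$(mktemp)
cat >"$SAMPLE_CONF" <<'EOF'
[sssd]
domains = example.com
config_file_version = 2
services = nss, pam

[domain/example.com]
ad_domain = example.com
krb5_realm = EXAMPLE.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
EOF

# Constructed sample 2: the "LDAP provider with AD domain" alternative (no join).
LDAP_CONF=$(mktemp)
cat >"$LDAP_CONF" <<'EOF'
[domain/example.com]
id_provider = ldap
ldap_uri = ldaps://dc.example.com
ldap_schema = ad
ldap_id_mapping = False
EOF
trap 'rm -f "$SAMPLE_CONF" "$LDAP_CONF"' EXIT

echo "== realmd-style ad provider config"
check_ad_provider_conf "$SAMPLE_CONF" example.com && echo "OK: ad provider configured as recommended"
echo "== ldap provider config"
check_ad_provider_conf "$LDAP_CONF" example.com || echo "NOT the ad provider: fewer features, see the note above"
```

Run it as an ordinary shell script; to check a real host, call `check_ad_provider_conf /etc/sssd/sssd.conf <your domain>` after `realm join` has written the file. The join itself needs domain credentials and is deliberately not part of the script.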

If you need to manage large numbers of both Windows and Linux machines, you may want to consider using FreeIPA for the Linux systems and establishing a trust between the FreeIPA and Active Directory domains. This keeps all the benefits of direct Active Directory integration while also giving you better control over the Linux systems through a Linux-specific identity management product. Visit Introduction to FreeIPA for more information.