Introduction to Active Directory Integration

Heterogeneous IT environments often contain various domains and operating systems that need to be able to seamlessly communicate. SSSD offers integration with Active Directory on Linux clients by taking advantage of the SSSD AD provider. In addition to retrieving and caching user and group information from Active Directory, SSSD can:

  • Perform automatic objectSID -> UID/GID mapping, or use existing POSIX attributes

  • Auto-discover trusted AD domains

  • Utilize sudo rules stored in AD

  • Enable Linux systems to act as GPO clients

  • Set customized access controls based on user/group membership, or GPO rules

  • Perform dynamic DNS updates

  • Provide offline support

  • Perform AD site discovery

  • Automatically renew the Linux host's computer object
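
The objectSID -> UID/GID mapping in the first item can be reproduced offline to check that two clients will agree on an ID. The sketch below is an added example, not SSSD's own code: it follows the slice scheme described in the ID MAPPING section of sssd-ldap(5) (hash the domain SID with murmurhash3, pick a slice, add the RID). Assumptions: the default ldap_idmap_range_* values, the hash seed, and no fallback when two domains hash to the same slice.

```python
import struct

# Defaults documented in sssd-ldap(5): ldap_idmap_range_min / _max / _size.
RANGE_MIN, RANGE_MAX, RANGE_SIZE = 200_000, 2_000_200_000, 200_000
SEED = 0xDEADBEEF  # assumption: seed SSSD passes to murmurhash3
M32 = 0xFFFFFFFF

def _mix(k):
    k = (k * 0xCC9E2D51) & M32
    return (((k << 15) | (k >> 17)) & M32) * 0x1B873593 & M32

def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86_32 over data."""
    h, nblk = seed & M32, len(data) // 4
    for (k,) in struct.iter_unpack("<I", data[:nblk * 4]):
        h ^= _mix(k)
        h = ((((h << 13) | (h >> 19)) & M32) * 5 + 0xE6546B64) & M32
    if len(data) % 4:  # 1-3 trailing bytes
        h ^= _mix(int.from_bytes(data[nblk * 4:], "little"))
    h ^= len(data)
    h = ((h ^ (h >> 16)) * 0x85EBCA6B) & M32
    h = ((h ^ (h >> 13)) * 0xC2B2AE35) & M32
    return h ^ (h >> 16)

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSID into its S-1-5-21-... string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed objectSID")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])   # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def sid_to_id(raw: bytes) -> int:
    """Map an objectSID to a UID/GID: range_min + slice * size + RID."""
    dom_sid, _, rid = sid_to_str(raw).rpartition("-")
    if int(rid) >= RANGE_SIZE:
        raise ValueError("RID does not fit in one slice")
    slices = (RANGE_MAX - RANGE_MIN) // RANGE_SIZE
    slice_no = murmur3_32(dom_sid.encode(), SEED) % slices
    return RANGE_MIN + slice_no * RANGE_SIZE + int(rid)

# Constructed sample: S-1-5-21-1111111111-2222222222-3333333333-1104
SAMPLE_SID = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack(
    "<5I", 21, 1111111111, 2222222222, 3333333333, 1104)

if __name__ == "__main__":
    print(sid_to_str(SAMPLE_SID), "->", sid_to_id(SAMPLE_SID))
```

Because the slice depends only on the domain SID, every account in one domain lands in the same 200000-wide block, and a client configured with different range values will compute different IDs for the same users.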

To read more about how SSSD is used in AD integration at a high level, refer to the following links:

Or, on the terminal, read about SSSD’s AD provider in its man page:

$ man sssd-ad

SSSD can also retrieve information and perform authentication against Active Directory Domain Controllers through IPA servers. This is done via an IPA-AD trust, also called indirect AD integration. Red Hat documentation gives more information about how this works.