AD Bridge 24.1 release notes

February 29, 2024

Requirements:

• None

ℹ️

Note

For installation requirements, see the following:

For the AD Bridge agent, see the Install Requirements for the AD Bridge Agent.

For the management console, see the Requirements to Use AD Bridge with Active Directory.

For a list of supported platforms for the latest version of AD Bridge, see the Supported Platforms Guide.

Supported Platforms Guides for previous versions of AD Bridge can be found in the AD Bridge Documentation Archive.

New features and enhancements:

Ability to Disable Shutdown Timers

• In some scenarios, the shutdown timers have caused issues for customers. A new configuration option has been added to disable the lwsmd service shutdown timers. This option takes affect then next time lwsmd starts up.
• UseServiceShutdownTimer. New configuration option to disable service shutdown timers.

Database Connections Improvements

In the BeyondTrust AD Bridge Reporting Database Connection window:

• Two new options have been added to support encrypted connections: Encrypt connection and Trust server certificate.
• A new Perform Test Read option has been added to perform a query on the users table as part of the Database connection test (Rights required).
• The Timeout was capped at 10 seconds when switching components in the BeyondTrust Management Console (BMC). This cap has been removed to help in environments that need a longer delay.

⚠️

Important

As the time is now respected, timeouts only occur when the set limit is reached.

• BMC: Support Encrypted Database connections.
• BMC: New option to query user table on with Database Connection test.
• BMC: SQL timeout setting honored across BMC.

Reset Machine Password on Join

• PwdLastSet was only getting updated after half the MachinePasswordLifespan (defaulted to 30 days) was reached. Now after a domainjoin is successful, it will initiate a machine password reset.

Database Hardening

• We noticed that two of the recommended groups had been over provisioned. The script to set the permissions has been updated for new setups, but for existing deployments/customers, we recommend updating the permissions manually. We provide a new ReportingPermissionsUpdateV2.sql file in the Resource folder to provide a reference for updating existing permissions.

Issues resolved:

Windows

• Resolved an issue with the Orphaned Objects Tool: We now mention that additional scans might be required.
• Resolved an issue where the Configuration Wizard License Import was not locale aware.
• Resolved an issue where the LicensePage Import was not locale aware.

Agent

• Resolved an issue with Domainjoin: Added support for restarting network manager with dhcp to resolve ERROR_BAD_COMMAND.
• Resolved an issue with pbis-support: Added a djconfigfile option for PWS integration.
• Resolved an issue to not store/read domain trust information with invalid SIDs.
• Resolved an issue where MachinePassword reset occasionally caused a core dump.
• Resolved an issue to support ubuntu minimal SERVER installs.
• Resolved an issue where AD Account lockout on AIX was occuring before threshold.
• Resolved an issue to update selinux to work with confined users.
• Resolved an issue where users were unable to create schannel connection after being offline for 4+ hours.
• Resolved an issue about portscript: the tryall option now searches all domains.
• Resolved an issue with RHEL9, where one was unable to change password for an AD user.

Others

• A tenantjoin-cli man page has been added.

Known issues:

None.

ℹ️

Note

Issues discovered after release can be found within our product Knowledge Base.

Notes:

• AD Bridge 24.1.0 supports upgrades from versions 23.1, 23.2, and 23.3.
• AD Bridge rpm packages signed with key 7237d0ac.
• The Windows build number is now split from the Agents build number. Installer build numbers will be different between Windows and the linux/unix installers.