AD Bridge 24.1.1 release notes
May 15, 2024
- Agent: 24.1.1.616
- Windows: N/A
Note
This is an Agent-only release.
New features and enhancements
Enable the machine password reset after domainjoin
We've reworked the reset-machine-password-on-join behaviour introduced in AD Bridge 24.1.0: the PwdLastSet reset that previously ran after every domainjoin is now controlled by the ResetMachinePasswordOnJoin configuration option.
Important
In AD Bridge 24.1.0, we added the following update:
Reset machine password on join
PwdLastSet was only updated after half of the MachinePasswordLifespan (default 30 days) had elapsed. Now, after a successful domainjoin, a machine password reset is initiated.
With the 24.1.1 release, we are reverting this change to make it an elective feature instead of an always-on feature, via the ResetMachinePasswordOnJoin configuration option.
ResetMachinePasswordOnJoin
With the ResetMachinePasswordOnJoin configuration option, you can opt to send an automatic password reset request to a machine once the machine joins a domain.
Acceptable values include:
- true: sends a request to reset the machine password after the domainjoin
- false: does not send a machine password reset request
- Default value: false
ResetMachinePasswordDelay
You can also set the wait (in minutes) before the password reset request is sent after joining a domain.
Note
The ResetMachinePasswordOnJoin option must be set to true.
Acceptable values include:
- an integer from 2 to 60 (minutes), inclusive
- Default value: 5
Force a Machine Password Reset
Use the new pbis ad-reset-machine-password command to force a machine password reset request at any time.
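As an added example (not code from the release notes or from AD Bridge itself), the following script enables the opt-in post-join reset and sets its delay while enforcing the rules above: the delay must be a whole number of minutes from 2 to 60, and it has no effect unless ResetMachinePasswordOnJoin is true. It assumes the agent's config tool is /opt/pbis/bin/config and that it accepts "<OptionName> <value>" on the command line; both are assumptions to confirm on your own agent.

```shell
#!/bin/sh
# Added example, not from the AD Bridge release notes. Assumes the AD Bridge
# config tool is /opt/pbis/bin/config and that it takes "<OptionName> <value>"
# (both assumptions). Override with PBIS_CONFIG=... for testing.
PBIS_CONFIG="${PBIS_CONFIG:-/opt/pbis/bin/config}"

# ResetMachinePasswordDelay is only accepted as whole minutes from 2 to 60,
# inclusive; anything else is rejected before the config tool is touched.
valid_reset_delay() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty, or contains a non-digit
    esac
    [ "$1" -ge 2 ] && [ "$1" -le 60 ]
}

# Enable the post-join reset and set its delay in one step, because the
# delay has no effect unless ResetMachinePasswordOnJoin is true. A bad
# delay returns 1 and leaves the agent configuration unchanged.
set_reset_on_join_policy() {
    delay="${1:-5}"   # 5 minutes is the documented default
    if ! valid_reset_delay "$delay"; then
        echo "ResetMachinePasswordDelay must be 2-60 minutes, got '$delay'" >&2
        return 1
    fi
    "$PBIS_CONFIG" ResetMachinePasswordOnJoin true &&
    "$PBIS_CONFIG" ResetMachinePasswordDelay "$delay"
}

# Return both options to their shipped defaults (reset off, delay 5).
disable_reset_on_join_policy() {
    "$PBIS_CONFIG" ResetMachinePasswordOnJoin false &&
    "$PBIS_CONFIG" ResetMachinePasswordDelay 5
}
```

To test the logic without touching a real agent, run it with PBIS_CONFIG=echo, which prints the two config invocations instead of applying them.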
Support for pam_aucore on domainjoins
pam_aucore is now recognized as a known module, so on domainjoin pam_lsass.so is placed above pam_aucore.so in the PAM stack.
AD Bridge Allows Installs with EPM-UL Installed and the Policy Configured to use ACA
When defaults are used, AD Bridge now allows installs on a system with Endpoint Privilege Management for Unix/Linux installed and configured for Advanced Control Audit (ACA) via the LD_PRELOAD environment variable.
Issues resolved
Agent
- Resolved an issue on systems with systemd where LWSMD was starting prior to the network coming online.
- Resolved an issue where the message "WARNING: Ignoring unsupported krb5 line 'include /opt/pbis/share/krb5.conf'; line will be included in krb5.conf but won't be parsed" was incorrectly logged as a warning. It is now logged at the debug level.
- Resolved segfaults on Solaris SPARC.
- Resolved an issue where SamrAllocateUserInfo21 did not align the computed buffer size; it now aligns as expected.
- Resolved an issue where LsaAllocateAuditEventsInfo() did not align the computed buffer size; it now aligns as expected.
- Resolved an issue where Gpagent/lsass crashed when the domain included trusts that were too large.
- Resolved an issue where the config tool errored when the system was not joined to any providers.
- Resolved an AIX issue where the LSASS64 entry in /etc/methods.cfg was created.
- Resolved an issue where the config tool successfully set options when not joined but returned error code 5.
- Resolved an issue where the config dump did not export valid import options for empty multistring settings.
- Resolved an issue where, after an lsass restart, the first cron job run by an AD user failed with "getpwnam failed".
Tools
- pbis-support.pl now always collects /var/log/domainjoin-cli.log.
- A new script for creating the Azure registered app, /opt/pbis/libexec/create-azure-app.sh, is included in the agent installer. It requires azure-cli to be installed.