
Install AD Bridge

AD Bridge connects Linux and Unix computers to Microsoft Active Directory so you can centrally manage all your computers and users from a single identity management system.

This page describes how to install and manage AD Bridge. The target audience is system administrators who manage access to workstations, servers, and applications with Active Directory.

⚠️

Important

The guide assumes that you know how to administer computers, users, and Group Policy settings in Active Directory and that you know how to manage computers running Unix and Linux.

AD Bridge is installed on a Windows administrative workstation connected to a domain controller so you can set user identifiers and group identifiers in Active Directory Users and Computers. Once the UIDs and GIDs are set, the AD Bridge agent uses the identifiers to authenticate users and groups and to control access to computers and applications.

AD Bridge includes additional features:

  • Applies policy settings to Unix computers from the Group Policy Management Console (GPMC), including policy settings to define desktop and application preferences for Linux computers.
  • Generates a range of reports to help improve regulatory compliance. The result: lower operating costs, better security, enhanced compliance.
  • Provides graphical tools to manage Linux and Unix information in Active Directory. Because it can also be useful to access and modify this information programmatically, AD Bridge provides scripting objects that can be used by any programming language that supports the Microsoft Common Object Model, or COM. The scripting objects provide dual interfaces that can be used by languages that use COM early binding, such as C++ and C#, and by languages that use IDispatch, such as VBScript and JScript.

Software components in AD Bridge

There are two installation packages that you need to install AD Bridge:

  • Management tools for Active Directory: Install on a Windows computer that connects to an Active Directory domain controller.
  • Agent: Install on a Linux or Unix computer to connect it to Active Directory.

Components and their functions:

Agent
  • Runs on a Linux or Unix computer to connect it to Active Directory with the AD Bridge command-line interface or GUI.
  • Communicates with an Active Directory domain controller to authenticate and authorize users and groups with the AD Bridge Identity Service.
  • Pulls and refreshes policy settings by using the Group Policy service, which is included only with the AD Bridge agent.

AD Bridge Console
  • Runs on a Windows administrative workstation that connects to an Active Directory domain controller to help manage Linux and Unix computers in Active Directory.
  • Migrates users, checks status, and generates reports.

MMC Snap-Ins for ADUC and GPMC
  • Extends Active Directory Users and Computers to include Unix and Linux users.
  • With AD Bridge, it also extends the Group Policy Management Console (GPMC) to include Linux or Unix Group Policy settings as well as a way to target them at specific platforms.

Cell Manager
  • A snap-in for the Microsoft Management Console to manage cells associated with Active Directory Organizational Units.

Reporting Database
  • Stores security events and access logs for compliance reports.

Operations Dashboard
  • A management application, or plug-in, for the BeyondTrust Management Console. The dashboard retrieves information from the AD Bridge reporting database to display authentication transactions, authorization requests, network events, and other security events that take place on AD Bridge clients.

Plan your AD Bridge deployment

The key to a successful deployment is planning. Before you begin deploying AD Bridge in an enterprise environment, develop a plan that addresses at least the following aspects of installation and deployment:

  • Review the AD Bridge Release Notes to ensure your environment meets the deployment requirements.
  • Set up a test environment. We recommend that you first deploy AD Bridge in a test environment so that you can identify and resolve any issues specific to your mixed network before you put the system into production.
  • Determine whether to use AD Bridge in Directory Integration mode or ID Range mode. When you configure your domain with the AD Bridge domain configuration wizard, you must choose the mode to use.

⚠️

Important

Back up Active Directory before you run the AD Bridge domain configuration wizard.

  • Decide whether to configure AD Bridge to manage a single forest or multiple forests. If you manage multiple forests, the UID-GID range assigned to a forest should not overlap with the range of another forest.
  • Determine how you will migrate Linux or Unix users to Active Directory. It is usually recommended that you delete interactive local accounts other than the root account.
  • Identify the structure of the organizational units or cell topology that you will need, including the UID-GID ranges.
  • Determine whether you will use aliasing. If you plan to use aliasing, you must associate users with a specific AD Bridge cell; you cannot use the Default Cell. ID Range cannot be used with cells.

ℹ️

Note

For more information on Directory Integration and ID Range, see Storage modes in Active Directory.
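
Two of the planning checks above can be scripted before the domain configuration wizard is run: confirming that the UID-GID ranges planned for different forests do not overlap, and listing the interactive local accounts (other than root) that a migration would need to address. The following is an added example, not BeyondTrust code or part of AD Bridge; the forest names, ranges, passwd lines, and the list of non-login shells are constructed assumptions.

```python
# Added example: pre-deployment checks for a planned UID-GID allocation.
# All names and values in PLANNED_RANGES and SAMPLE_PASSWD are constructed.
from itertools import combinations

# Assumption: shells that mark an account as non-interactive on the target hosts.
NON_LOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}

PLANNED_RANGES = {  # forest -> inclusive (low, high) UID-GID range
    "corp.example.com": (100000, 199999),
    "lab.example.com": (150000, 249999),  # deliberately overlaps corp
    "dmz.example.com": (300000, 399999),
}

SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
deploy:x:1002:1002::/srv/deploy:/bin/sh
"""

def overlapping_forests(ranges):
    """Return pairs of forest names whose inclusive ranges intersect."""
    for name, (low, high) in ranges.items():
        if low > high:
            raise ValueError(f"{name}: range start {low} is above range end {high}")
    clashes = []
    for (a, (a_lo, a_hi)), (b, (b_lo, b_hi)) in combinations(sorted(ranges.items()), 2):
        if a_lo <= b_hi and b_lo <= a_hi:  # standard interval-intersection test
            clashes.append((a, b))
    return clashes

def interactive_local_accounts(passwd_text):
    """Return local account names, other than root, that have a login shell."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip blank, commented, or malformed passwd(5) lines
        name, shell = fields[0], fields[6]
        if name != "root" and shell not in NON_LOGIN_SHELLS:
            names.append(name)
    return names

if __name__ == "__main__":
    for a, b in overlapping_forests(PLANNED_RANGES):
        print(f"overlap: {a} <-> {b}")
    print("interactive local accounts:", interactive_local_accounts(SAMPLE_PASSWD))
```

On a real host, pass the contents of /etc/passwd to interactive_local_accounts and replace PLANNED_RANGES with the ranges from your own deployment plan.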

