AD Bridge 24.2.3 release notes

July 17, 2025

Agent: 24.2.3.934
Windows: N/A
Supported upgrades: 23.1, 23.2, 23.3, 24.1, 24.2

🆕 New features

Encrypt Azure secrets

To keep things more secure, we're now encrypting the Azure secret. These secrets are securely stored in the registry on the Linux system, which only the root user can access.

The Azure secret gets encrypted when you join the tenant.

Right now, upgrades aren't supported. So, if you need to make changes, it's best to leave the tenant and then rejoin.

Microsoft Entra ID: New Provisioned mode

We're excited to introduce a new Provisioned mode for mapping values in Microsoft Entra ID!

📘 The updates in this release are on the agent side. This new mode will pull from a Microsoft Entra ID schema that will be implemented by AD Bridge in version 25.1.

With this mode, you can now store and manage the following User and Group attributes:

For Users:

  • pgid (primary gid)
  • uid
  • loginShell
  • unixHomeDirectory

For Groups:

  • gid

Agents that join the tenant can use these values stored in Entra ID.

Additionally, the tenantjoin-cli will now have new options for provision and unprovision modes, with the default set to unprovision. In version 25.1.0, the default will be provisioned.

These new config options are available now, but will be fully integrated in 25.1.0:

  • OAuthProvisionMode
  • OAuthCacheEntryExpiry
  • SchemaConnectorApplication
  • OAuthMinID
  • OAuthMaxID

Entra ID integration with PMUL/EPM-L

The new Entra ID Provisioned mode is designed to work seamlessly with role-based policies that are mapped to Entra ID Users and Groups.

While the pbrun -e command won't resolve entitlements for groups, it will still function as expected.

With Entra ID mapping, PMUL can now integrate with our Entra ID system. PMUL mainly uses getent passwd to check if a user is a member and getent group to see who belongs to a group.
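The following is an added example, not BeyondTrust code: it shows how the provisioned attributes listed above appear in getent passwd output and why an audit of role-based policy membership has to combine both lookups, since a user's primary group (pgid) comes from the passwd entry and need not appear in the group's member list. The user names, group names and ID values are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample data in `getent passwd` / `getent group` format.
# On a joined host, set PASSWD_DATA / GROUP_DATA from real getent output instead.
SAMPLE_PASSWD='alice@example.test:x:20001:30001:Alice:/home/alice:/bin/bash
bob@example.test:x:20002:30002:Bob:/home/bob:/bin/sh'
SAMPLE_GROUP='linux-admins:x:30001:
db-operators:x:30002:alice@example.test'
PASSWD_DATA=${PASSWD_DATA:-$SAMPLE_PASSWD}
GROUP_DATA=${GROUP_DATA:-$SAMPLE_GROUP}

# passwd_field USER N: print field N of USER's passwd entry.
# 3 = uid, 4 = pgid, 6 = unixHomeDirectory, 7 = loginShell
passwd_field() {
    # The name is passed through the environment so backslashes are not
    # interpreted as escape sequences by awk -v.
    printf '%s\n' "$PASSWD_DATA" |
        U="$1" awk -F: -v n="$2" '$1 == ENVIRON["U"] { print $n; exit }'
}

# groups_of USER: print the sorted, space-separated names of every group the
# user belongs to, counting the primary group from passwd (pgid) as well as
# the supplementary memberships listed in the group entries.
groups_of() {
    pgid=$(passwd_field "$1" 4)
    printf '%s\n' "$GROUP_DATA" |
        U="$1" P="$pgid" awk -F: '
            {
                hit = (ENVIRON["P"] != "" && $3 == ENVIRON["P"])
                n = split($4, members, ",")
                for (i = 1; i <= n; i++)
                    if (members[i] == ENVIRON["U"]) hit = 1
                if (hit) print $1
            }' | sort | tr '\n' ' ' | sed 's/ $//'
}

# Report the attributes a policy decision would depend on for each sample user.
for user in alice@example.test bob@example.test; do
    printf '%s uid=%s pgid=%s shell=%s groups=[%s]\n' "$user" \
        "$(passwd_field "$user" 3)" "$(passwd_field "$user" 4)" \
        "$(passwd_field "$user" 7)" "$(groups_of "$user")"
done
```

In the sample, alice is absent from the member list of linux-admins but still belongs to it through her pgid, which a check that reads only getent group would miss.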

Caching

We now cache lookups made through the OAuth provider to improve lookup responsiveness.

Support RHEL 10

Added support for RHEL 10 with SELinux enabled. This includes policy mapping for Rocky and AlmaLinux.

🛠️ Issues resolved

| Description | Resolution |
|---|---|
| AIX: id on aduser seg faults on 7300-02-03-2446 | The LAM module freed user/group info prematurely; fixed by stopping it from freeing returned data. |
| AIX: Local password prompt when changing password not working | Local AIX accounts should now be able to change their own password. |
| Adtool add-to-cell and lookup-object fails; reporting a failure to get the GUID. | The GUID is now found correctly and error reporting is updated. |
| Solaris 11.4 check for backups in /etc/inet/hosts | When modifying the local file during a domainjoin we now generate a backup of the original file. |
| AIX: domainjoin-cli should not be adding extra whitespace to SYSTEM entry | Extra spaces are no longer added and SYSTEM entries are correctly displayed. |
| liblsassclient should not depend on libcrypto.so. | Addresses issues around sudo and missing symbols. |
| domainjoin-cli: Integrated domainjoin-nmcli.sh with setname | Domainjoin-cli setname will work on systems with nmcli |

⏰ Deprecation notices

  • Due to lack of demand, SNMP support has been removed from the agent endpoints.
  • We are no longer supplying the pbis-enterprise-devel RPM package.

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.