Windows 2022
Active Directory : Add UNIX attributes to Accounts (2021/12/07)

Add UNIX attributes to user accounts.
User accounts that carry UNIX attributes (uidNumber, gidNumber, loginShell, unixHomeDirectory) can authenticate to UNIX/Linux hosts that are configured as LDAP clients of Active Directory.
[1] Run PowerShell with administrative privileges and configure as follows.
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# add a user [ADUser02] with UNIX attributes
# specify the minimum required attributes with the [-OtherAttributes] option
PS C:\Users\Administrator> New-ADUser ADUser02 `
-Surname ADUser02 `
-GivenName ADUser02 `
-DisplayName "AD User02" `
-EmailAddress "ADUser02@srv.world" `
-AccountPassword (ConvertTo-SecureString -AsPlainText "P@ssw0rd02" -Force) `
-ChangePasswordAtLogon $true `
-Enabled $true `
-OtherAttributes @{uidNumber="5001"; gidNumber="100"; loginShell="/bin/bash"; unixHomeDirectory="/home/ADUser02"} 

# verify
PS C:\Users\Administrator> Get-ADUser -Identity ADUser02 -Properties * | Out-String -Stream | Select-String "uidNumber","gidNumber","loginShell","unixHomeDirectory" 

gidNumber                            : 100
loginShell                           : /bin/bash
uidNumber                            : 5001
unixHomeDirectory                    : /home/ADUser02


# add UNIX attributes to an existing user [ADUser01]
PS C:\Users\Administrator> Get-ADUser -Identity ADUser01 

DistinguishedName : CN=AD User01,CN=Users,DC=srv,DC=world
Enabled           : True
GivenName         : User01
Name              : AD User01
ObjectClass       : user
ObjectGUID        : 457aa6c8-8c5d-4c00-92c0-14b5d43de16b
SamAccountName    : ADUser01
SID               : S-1-5-21-1322887480-1777281493-1913265488-1104
Surname           : AD
UserPrincipalName : ADUser01@srv.world

# specify the minimum required attributes with the [-Add] option
PS C:\Users\Administrator> Set-ADUser -identity "CN=AD User01,CN=Users,DC=srv,DC=world" `
-Add @{uidNumber="5000"; gidNumber="100"; loginShell="/bin/bash"; unixHomeDirectory="/home/ADUser01"} 

PS C:\Users\Administrator> Get-ADUser -Identity ADUser01 -Properties * | Out-String -Stream | Select-String "uidNumber","gidNumber","loginShell","unixHomeDirectory" 

gidNumber                            : 100
loginShell                           : /bin/bash
uidNumber                            : 5000
unixHomeDirectory                    : /home/ADUser01
Active Directory : Add UNIX attributes to Accounts (GUI)
For GUI configuration, set as follows.
[2] Add UNIX attributes to an existing user.
Select [Advanced Features] from the [View] menu of the [Active Directory Users and Computers] window.
[3] Open [Properties] for the user you'd like to add UNIX attributes to.
[4] Move to the [Attribute Editor] tab and open the [uidNumber] attribute.
[5] Input the UID number to be used on Linux.
Specify a unique number that does not already exist on the Linux host.
[6] Open the [gidNumber] attribute and input the GID number.
Specify a number that already exists as a group on the Linux host, or specify a GID number that exists on an Active Directory group.
A GID number that exists on an Active Directory group means a gidNumber that was added to an AD group by the same procedure as here.
[7] Open the [loginShell] attribute and input the path of the login shell on Linux. Specify one that exists on the Linux host.
[8] Open the [unixHomeDirectory] attribute and input the path of the home directory.
It is possible to log in to the Linux host even if the home directory does not exist: it will be created at first login (if the host is configured to do so) or the session will land in / (if automatic mkhomedir is not configured).
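The PowerShell commands above and the uniqueness requirements in steps [5] and [6] can be combined into one script that refuses a uidNumber already used by another account and warns when no AD group carries the chosen gidNumber. This is an added example, not code from the original page; it assumes the ActiveDirectory module is installed, and the function and parameter names are this example's own.

```powershell
# Added example (not from the original page): assign UNIX attributes to an existing
# AD user, refusing uidNumber values already taken by another account in the domain.
# Assumes the ActiveDirectory module is installed and the session has rights to
# modify the user. Function and parameter names are this example's own.
Import-Module ActiveDirectory

function Set-UnixAttributes {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][int]$UidNumber,
        [Parameter(Mandatory)][int]$GidNumber,
        [string]$LoginShell = "/bin/bash",
        [string]$HomeDirectory = "/home/$SamAccountName"
    )

    # Get-ADUser throws a terminating error if the account does not exist
    $user = Get-ADUser -Identity $SamAccountName -Properties uidNumber

    # uidNumber must be unique: two AD accounts mapped to one Linux UID would
    # own and read each other's files on every joined host.
    $clash = Get-ADUser -LDAPFilter "(uidNumber=$UidNumber)" |
             Where-Object { $_.SamAccountName -ne $SamAccountName }
    if ($clash) {
        throw "uidNumber $UidNumber is already used by $($clash.SamAccountName -join ', ')"
    }

    # gidNumber should exist either on an AD group (with its own gidNumber) or as a
    # local group on the Linux host; only the AD case can be checked from here.
    $group = Get-ADGroup -LDAPFilter "(gidNumber=$GidNumber)"
    if (-not $group) {
        Write-Warning "No AD group carries gidNumber $GidNumber; make sure it exists locally on the Linux host"
    }

    # -Replace works whether or not the attributes are already set, so the script
    # can be re-run; -Add fails on a single-valued attribute that already has a value.
    Set-ADUser -Identity $user -Replace @{
        uidNumber         = $UidNumber
        gidNumber         = $GidNumber
        loginShell        = $LoginShell
        unixHomeDirectory = $HomeDirectory
    }

    # Return the resulting attributes for verification
    Get-ADUser -Identity $SamAccountName -Properties uidNumber, gidNumber, loginShell, unixHomeDirectory |
        Select-Object SamAccountName, uidNumber, gidNumber, loginShell, unixHomeDirectory
}

# Example call using the user and values from the PowerShell session above
Set-UnixAttributes -SamAccountName ADUser01 -UidNumber 5000 -GidNumber 100
```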