Micro Focus AD Bridge 2.0 Release Notes

December 2019

AD Bridge 2.0 includes features for bridging Microsoft Active Directory (AD) on Windows servers with Linux distributions, both on premises and in the cloud, so that you can manage Linux client configurations using Group Policy Objects in the AD environment.

We designed this product in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in Micro Focus Forums, our online community that also includes product information, blogs, and links to helpful resources.

The documentation for this product is available in HTML and PDF formats. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the AD Bridge Documentation page.

To download this product, go to the Micro Focus Downloads or Customer Center website.

What’s New?

The following sections outline the key features and functions in this release:

Extending Native Tools (GPEdit)

AD Bridge 2.0 extends the capabilities of native tools to include the following:

  • Use Sudoers to manage Sudo lists and permissions in GPOs.

  • Monitor the persistence of local Linux configuration files in real time.

  • Add user UID and GID as an AD Users and Computers (ADUC) extension.

  • Add Execute Commands.

    For more information, see Executing Commands with GPOs.

  • Manage GPOs of cloud-based Linux devices joined to native AD.

    For more information, see Managing User and Group IDs in Linux.

AD Bridge Gateway

The AD Bridge Gateway resides on premises and acts as a bridge to push policies from Active Directory to the Cloud Gateway.

AD Bridge Cloud Gateway

The AD Bridge Cloud Gateway acts as a bridge between Linux virtual machines (VMs) in the cloud and the on-premises AD Bridge Gateway. You can thus push universal policies created on the AD Bridge Cloud Gateway to cloud Linux VMs.

Web Console for AD Bridge

This release introduces the web console to give you a centralized single-pane view for device and policy management across the enterprise and beyond. The web console also simplifies management of policies, agents, and delivery of analytics. The web console helps you accomplish the following:

  • Device Management

  • Enhanced Policy Management

For more information, see Using the Web Console.

Improved Linux Agent Capabilities

AD Bridge 2.0 includes superior Linux agent capabilities as follows:

  • Join specified OU in AD

  • Policy refresh command

  • Agent install modes for computers joined to:

    • On Premises AD

    • Cloud AD

    • Cloud Non AD

  • File monitor and persistence outside of GPOs or the Sysvol check cycle

For more information, see Managing Linux Agent Services with GPOs.

Forward Events And Syslog Messages

AD Bridge 2.0 enables you to forward events and syslog messages to SIEM solutions like ArcSight. You can also configure multiple forwarders in the web config file to send to more than one syslog server.

System Requirements

For detailed information about hardware requirements and supported operating systems, see AD Bridge 2.0 System Requirements.

Installing This Version

The AD Bridge 2.0 installation involves multiple component installations to bridge the AD environment, Gateways and a Group Policy Management Console snap-in for the Windows domain. For detailed information about installing these components, see the AD Bridge Administration Guide.

Known Issues

We strive to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

GPEdit Extension AD User/Group picker Retrieves UPN/Name Instead of sAMAccountName

Issue: The AD object picker for simple allow/deny lists in the GPEdit extension retrieves the userPrincipalName (UPN) attribute for users and the name attribute for groups, and sends them to the sssd.conf file. However, sssd.conf processes the allow/deny list using the User Logon Name (pre-Windows 2000), that is, the sAMAccountName attribute, and not the User Logon Name that is part of the UPN attribute. Therefore, user login is denied when the UPN and sAMAccountName are different. (Bug 1156115)

Workaround: Manually enter the User Logon Name (pre-Windows 2000) value (the sAMAccountName attribute) in the simple allow/deny list rule in the GPEdit extension to log in successfully.
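
Added example (not part of the release notes or of the product): a check over an sssd.conf that flags user allow/deny entries given as a UPN whose logon-name part differs from the account's sAMAccountName, and reports the value to enter instead. It assumes the lists appear as the SSSD simple access provider options simple_allow_users and simple_deny_users and that a UPN-to-sAMAccountName export is available; the sample file, domain and accounts are constructed.

```python
import configparser

# Constructed sample: a domain section with UPN-style entries in the simple lists.
SAMPLE_SSSD_CONF = """
[sssd]
domains = example.test

[domain/example.test]
access_provider = simple
simple_allow_users = jsmith, alice.jones@example.test, bob@example.test
simple_deny_users = carol.white@example.test
"""

# Constructed directory export: userPrincipalName -> sAMAccountName.
SAMPLE_DIRECTORY = {
    "alice.jones@example.test": "ajones",
    "bob@example.test": "bob",
    "carol.white@example.test": "cwhite",
}

# Assumption: these are the options that carry the user allow/deny lists.
SIMPLE_USER_OPTIONS = ("simple_allow_users", "simple_deny_users")


def audit_simple_lists(conf_text, upn_to_sam):
    """Return (section, option, entry, sAMAccountName) for each list entry that
    is a known UPN whose logon-name part differs from the sAMAccountName."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    # Names are compared case-insensitively (assumption for this check).
    lookup = {upn.lower(): sam for upn, sam in upn_to_sam.items()}
    findings = []
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue
        for option in SIMPLE_USER_OPTIONS:
            raw = parser.get(section, option, fallback="")
            for entry in (item.strip() for item in raw.split(",")):
                sam = lookup.get(entry.lower())
                if sam is None:
                    continue  # not a UPN from the export; nothing to compare
                if entry.split("@", 1)[0].lower() != sam.lower():
                    findings.append((section, option, entry, sam))
    return findings


if __name__ == "__main__":
    for section, option, entry, sam in audit_simple_lists(SAMPLE_SSSD_CONF, SAMPLE_DIRECTORY):
        print(f"[{section}] {option}: '{entry}' will not match; enter '{sam}'")
```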

Error When Saving Modified Universal Policies with Windows Settings

Issue: When you attempt to save a modified Universal Policy with Windows settings, the web console displays an error. (Bug 1158133)

Workaround: None.

Uninstallation of AD Bridge Gateway Also Removes All Configured Universal Policies

Issue: Uninstalling the AD Bridge Gateway also removes all configured Universal Policies. (Bug 1158317)

Workaround: Before you uninstall the AD Bridge Gateway, copy the C:\ProgramData\MicroFocus\AD Bridge\CCM folder to a backup location. After you reinstall the AD Bridge Gateway, restore the folder to the same location.

The Web Console Does Not Load Custom Settings For Linux Universal Policies On the Firefox Browser

Issue: When you open the Policies page and check out Linux universal policies, custom settings like custom firewall ports or custom service settings do not load on the Firefox browser. (Bug 1158315)

Workaround: Use Active Directory native tools to add or modify custom settings for Linux universal policies.