Can an account that has been Unix-enabled in AD be added to a group that is in the /etc/group file on the system?
The issue that usually comes up is that the tools used to add users to local groups often parse the /etc/passwd file directly to look up the users involved. For example, on Linux an attempt to add an AD user to a local group can result in this error:
# usermod -a -G test testuser
usermod: testuser not found in /etc/passwd
This can be overcome by temporarily merging the AD account into the passwd file using vastool commands.
# /opt/quest/bin/vastool merge user testuser
User testuser was successfully merged.
Unix-enabled AD users that have been merged can always be identified because VAS appears instead of x in the second field of their passwd entry. You should now be able to use the normal tools to add the user to the group.
# cat /etc/passwd |grep testuser
testuser:VAS:238535155:1013132169::/home/testuser:/bin/bash
# usermod -a -G test testuser
#
# cat /etc/group |grep test
test:x:53370:testuser
It is recommended to undo the account merge afterwards.
# /opt/quest/bin/vastool unmerge users
# cat /etc/passwd |grep testuser
#
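The shell functions below are an added example, not part of the original article or One Identity's tooling. They list passwd entries still marked VAS (a merge that was never undone) and local group members that have no passwd entry; the function names, the sample files and the stale member olduser are constructed for illustration.

```shell
#!/bin/sh
# Added example (not One Identity code): audit for leftovers of the
# merge / usermod / unmerge procedure described above.

# Print accounts still merged into a passwd file (second field is "VAS").
merged_users() {
    awk -F: '/^#/ { next } $2 == "VAS" { print $1 }' "${1:-/etc/passwd}"
}

# Print "group:member" for every group member that has no entry in the
# passwd file. Such members resolve only through another name service
# (here AD), so tools that parse /etc/passwd directly will not find them.
nonlocal_group_members() {
    awk -F: '
        /^#/ { next }
        FILENAME == ARGV[1] { local_user[$1] = 1; next }   # passwd pass
        $4 != "" {                                          # group pass
            n = split($4, member, ",")
            for (i = 1; i <= n; i++)
                if (!(member[i] in local_user)) print $1 ":" member[i]
        }
    ' "${1:-/etc/passwd}" "${2:-/etc/group}"
}

# Constructed sample data: state after usermod but before unmerge, plus a
# hypothetical stale member "olduser" that exists in no passwd file.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
localadm:x:1000:1000::/home/localadm:/bin/bash
testuser:VAS:238535155:1013132169::/home/testuser:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
wheel:x:10:localadm
test:x:53370:testuser,olduser
EOF
}

# Demo run on the constructed files.
d=$(mktemp -d)
write_sample "$d"
echo "still merged:";        merged_users "$d/passwd"
echo "no passwd entry for:"; nonlocal_group_members "$d/passwd" "$d/group"
rm -rf "$d"
```

Called without arguments, both functions read /etc/passwd and /etc/group on the host.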
© 2023 One Identity LLC. ALL RIGHTS RESERVED.