-
Title
Is it possible to add an Unix enabled user in Active Directory to a local system group? -
Description
Can an account that has been Unix enabled in AD be added to a group that is in the /etc/group file on the system?
-
Resolution
The issue that usually comes up while trying to do this is that tools used to add users to group on systems locally often parse the /etc/passwd file directly looking for the users involved. For example on linux attempts to add users to group can result in this error.
# usermod -a -G test testuser
usermod: testuser not found in /etc/passwdThis can be overcome by temporarily merging the AD account into the passwd file using vastool commands.
# /opt/quest/bin/vastool merge user testuser
User testuser was successfully merged.Unix enabled AD users that have been merged can always be identified because you will see VAS instead of x in the second stanza. Now you should be able to use normal tools to add the user to the group.
# cat /etc/passwd |grep testuser
testuser:VAS:238535155:1013132169::/home/testuser:/bin/bash# usermod -a -G test testuser
#
# cat /etc/group |grep test
test:x:53370:testuserIt is recommended to then undo the account merger.
# /opt/quest/bin/vastool unmerge users
# cat /etc/passwd |grep testuser
#