9. Services for Windows#
UCS can offer Active Directory (AD) services, be a member of an Active Directory domain or synchronize objects between Active Directory domains and a UCS domain.
For the purposes of Windows systems, UCS can assume the tasks of Windows server systems:
Domain controller function / authentication services
In UCS all these services are provided by Samba.
UCS supports the mostly automatic migration of an existing Active Directory domain to UCS. All users, groups, computer objects and group policies are migrated without the need to rejoin the Windows clients. This is documented in Migrating an Active Directory domain to UCS using Univention AD Takeover.
Microsoft Active Directory domain controllers cannot join the Samba domain. This functionality is planned at a later point in time.
Samba can not join an Active Directory Forest yet at this point.
Incoming trust relationships with other Active Directory domains are configurable. In this setup the external Active Directory domain trusts authentication decisions of the UCS domain (Windows trusts UCS) so that UCS users can sign in to systems and Active Directory backed services in the Windows domain (see Trust relationships). Outgoing trusts with Active Directory domain (UCS trusts Windows) are not supported currently.
- 9.1. Operation of a Samba domain based on Active Directory
- 9.1.1. Installation
- 9.1.2. Services of a Samba domain
- 9.1.3. Configuration and management of Windows desktops
- 18.104.22.168. Group policies
- 22.214.171.124. Logon scripts / NETLOGON share
- 126.96.36.199. Configuration of the file server for the home directory
- 188.8.131.52. Roaming profiles
- 9.2. Active Directory Connection
- 9.2.1. UCS as a member of an Active Directory domain
- 9.2.2. Setup of the UCS AD connector
- 184.108.40.206. Basic configuration of the UCS AD Connector
- 220.127.116.11. Importing the SSL certificate of the Active Directory
- 18.104.22.168. Starting/Stopping the Active Directory Connection
- 22.214.171.124. Functional test of basic settings
- 126.96.36.199. Changing the AD access password
- 9.2.3. Additional tools / Debugging connector problems
- 9.2.4. Details on preconfigured synchronization
- 9.3. Migrating an Active Directory domain to UCS using Univention AD Takeover
- 9.4. Trust relationships