Open 1Dimitri opened 1 year ago
any update on this? we are facing the same issue.
Hey @1Dimitri, thanks for reporting the issue! I'll mark it a feature request since it's not something that we can tackle without deeper research and quite some changes in the way we set up the project.
Does this happen only for policies that require the creation of the SYSVOL/Ubuntu
directory?
Hello
Yes. The culprit is that you are not delegated enough rights in this PaaS offer to create folder at the Sysvol level.
Therefore you cannot use GPOs which need that folder (login scripts basically)
If you decided that the distribution id is no longer named "Ubuntu" but "awesomebuntu" the same problem would arise.
If you were willing to have no problem with any of those providers, the adsys client should have a way to search for scripts under the sysvol\scripts\
I've already asked the AWS Support to enter a feature request for the AWS Directory Service team so if you have contacts at Amazon I can provide you with the ticket number
Description
PaaS offers for Active Directory from AWS and Microsoft Azure do not grant administrators the needed rights to install the GPO policies at the suggested file location.
Reproduction
For AWS
For Azure AD DS
Environment
Installed versions
Additional context
AWS and Azure offer managed AD service, where you do not have access to the VMs which are the Domain Controllers of the created single-domain forest In order to avoid corruption, you are not granted "Domain Admins" group membership but membership to specific created groups which can through delegation do many Domain Admins actions, but not all
In particular, for the SYSVOL folder: