Note: The original blog article has been updated to address a number of questions we received and to further clarify what has been removed and what remains. Due to the Active Directory Documentation Blog being retired in October 2015, the comments have been removed. Please post your questions/comments in the Directory Services TechNet Forum.
Why did Microsoft remove IDMU/NIS Server role from Windows Server?
What IDMU/NIS Server components are removed from Windows Server 2016?
- Network Information Service (NIS) Windows Server role
- The Unix Attributes plug-in for the Active Directory Users and Computers Management Console (MMC) snap-in
I am using Windows Server IDMU/NIS Server role today, what should I do?
What happens when I have the NIS Server Role installed and try to upgrade to Windows Server 2016?
Can I continue to use the GID/UID (RFC 2307) attributes I am using today with Active Directory after I upgrade to Windows Server 2016?
How do I continue to edit the GID/UID RFC 2307 attributes now that the Unix Attributes Plug-in is no longer available for the Active Directory Users and Computers MMC snap-in?
1. Active Directory Users and Computers MMC snap-in
1. Open Active Directory Users and Computers.
2. From the dropdown menu, select View -> Advanced Features:
3. Open the properties of a User, Group or Computer Object
4. Navigate to “Attribute Editor” tab to edit the following attributes:
-
- uidNumber
- gidNumber
- Loginshell
- unixHomeDirectory
- MemberUid
- ipHostNumber
2. Active Directory Administrative Center
1. Open Active Directory Administrative Center
2. Navigate to a User, Group or Computer Object
3. Navigate to Extensions
4. Navigate to “Attribute Editor” tab to edit the following attributes:
-
- uidNumber
- gidNumber
- Loginshell
- unixHomeDirectory
- MemberUid
- ipHostNumber
3. Scripts (preferred method for bulk operations and automation)
· Using Active Directory PowerShell Cmdlet:
o Below is sample code to query/configure the various attributes
Import-Module ActiveDirectory
#To query Unix Properties of a User Object
$username = "guest"
Get-ADUser $username -Properties * | Select SamAccountName, msSFU30NisDomain,uidNumber, unixHomeDirectory, loginShell, gidnumber, @{Label='PrimaryGroupDN';Expression={(Get-ADGroup -Filter {GIDNUMBER -eq $_.gidnumber}).SamAccountName}}
#To query Unix Properties of a Group object
$groupname = "Unix Sample Group"
Get-ADGroup $groupname -Properties * | Select SamAccountName, msSFU30NisDomain,gidnumber, @{Label='Members';Expression={(Get-ADUser -Filter {GIDNUMBER -eq $_.gidnumber}).SamAccountName}}
#To query Unix Properties of a Computer Object
$computername = "server123"
Get-ADComputer $computername -Properties * | Select SamAccountName, msSFU30NisDomain,ipHostNumber, msSFU30Aliases
#Set unixHomeDirectory on a user (replace this with any of the attributes you’d like to set)
$username = "guest"
set-ADUser $username -Replace @{unixHomeDirectory="/usr/sbin/guest"}
o Below, is sample output from the sample code above
Sample output from the PowerShell Script:
SamAccountName : Guest
msSFU30NisDomain : woodgrove
uidNumber : 10001
unixHomeDirectory : /usr/sbin/guest
loginShell : /bin/sh
gidnumber : 10001
PrimaryGroupDN : Unix Sample Group
SamAccountName : Unix Sample Group
msSFU30NisDomain : woodgrove
gidnumber : 10001
Members : {Administrator, Guest}
SamAccountName : Server123
msSFU30NisDomain : woodgrove
ipHostNumber : {10.2.2.2}
msSFU30Aliases : {bla, unixtestclient}
· Using NFS PowerShell CmdLet Set-NfsMappedIdentity: Please see the following page for more information: Set-NfsMappedIdentity.
· Using VBScript: There is also a TechNet blog article from a while back that has some additional detail to configure and populate the attributes in Active Directory http://blogs.technet.com/b/dsix/archive/2009/04/16/integrating-unix-client-in-active-directory-using-ldap-part-i.aspx.
What Active Directory Attributes did the Unix Attribute tabs expose in the Active Directory Users and Computers MMC snap-in prior to Windows Server 2016?
Dialog name
|
AD Attribute
|
RFC2307 attribute
|
Example
|
User object
|
Group object
|
Computer object
|
UID
|
uidNumber
|
X
|
1000
|
X
|
|
|
Login Shell
|
Loginshell
|
X
|
/bin/bash
|
X
|
|
|
Home Directory
|
unixHomeDirectory
|
X
|
/home/username
|
X
|
|
|
Primary Group name/GID
|
gidNumber
|
X
|
10002
|
X
|
X
|
|
Members
|
MemberUid
|
X
|
Administrator
|
|
X
|
|
iphostnumber
|
ipHostNumber
|
X
|
10.2.2.2
|
|
|
X
|
NIS Domain
|
maSFU30NisDomain
|
|
“example”
|
X
|
X
|
X
|
Members
|
msSFU30PosixMember
|
|
CN=Group,CN=Schema, CN=Configuration, DC=Woodgrove,DC=Local
|
|
X
|
|
Name
|
msSFU30Name
|
|
“Server123” or “Administrator” or “unix group”
|
X
|
X
|
X
|
Computer Aliases
|
msSFU30Aliases
|
|
Alias1; alias2
|
|
|
X
|
Note: Questions and comments are welcome. However, please DO NOT post a request for troubleshooting by using the comment tool at the end of this post. Instead, post a new thread in the Directory Services Technet forum. Thank you!