As with Windows clients, we can use Active Directory security groups to control user SSH login and elevated SUDO rights on domain-joined Linux systems.

Applies to: Debian Linux, Ubuntu Linux, Red Hat Linux, SUSE Linux, Windows Server 2012 through Windows Server 2025

Chapters
0:00 Introduction
0:38 Create Domain Groups for SSH Access
2:41 Verify AD Group Membership in Linux
3:22 Grant Domain Users SSH Access
5:18 Demonstrate SSH Access
6:46 Grant Domain Users SUDO Rights
8:01 Demonstrate SUDO Rights and Separation of Duties
9:06 Clear SSSD Cache
9:58 Thank you for watching

Glossary:
AD = Active Directory
ADAC = Active Directory Administrative Center
ADDS = Active Directory Domain Services
ADUC = Active Directory Users and Computers
OU = Organizational Unit
SCP = Secure Copy Protocol
SSH = Secure Shell
SSSD = System Security Services Daemon
SUDO = SuperUser DO
UPN = User Principal Name

GitHub:

Commands:
Ubuntu: sudo systemctl restart
Debian/Red Hat/SUSE: sudo systemctl restart

sudo systemctl stop sssd
sss_cache -E
rm -f /var/lib/sss/{db,mc}/*
sudo systemctl start sssd

sudo nano /etc/ssh/sshd_config.d/[filename].conf
sudo visudo -f /etc/sudoers.d/[filename]

PowerShell:
$daGroup2Add="[GroupName]"
$pth="OU=OrgUnit,DC=DomainComponent,DC=DomainComponent"
New-ADGroup -Name $daGroup2Add -GroupScope Universal -GroupCategory Security -Path $pth
Add-ADGroupMember -Identity $daGroup2Add -Members [adusers]

Links: #sssd-cache
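
The contents of the two drop-in files opened by the nano and visudo commands above, as an added example that is not from the video or its GitHub repository. The group names are constructed, and it assumes SSSD reports short, lower-case group names.

```shell
#!/bin/sh
# Added example: render the sshd and sudoers drop-in lines for AD groups.
# Group names are constructed; check the names SSSD reports with: id [user]
LC_ALL=C; export LC_ALL

# Allow only letters, digits, space and . _ @ - so a group name cannot
# carry a newline or an extra directive into either file.
valid_group() {
    case "$1" in
        ''|*[!A-Za-z0-9._@\ -]*) echo "bad group name: $1" >&2; return 1 ;;
    esac
}

# Assumption: SSSD hands names to sshd and sudo in lower case.
lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# For /etc/ssh/sshd_config.d/[filename].conf. AllowGroups applies to every
# login, so list any local admin group too. Check with: sudo sshd -t
render_sshd_dropin() {
    line='AllowGroups'
    for g in "$@"; do
        valid_group "$g" || return 1
        g=$(lower "$g")
        case "$g" in
            *' '*) line="$line \"$g\"" ;;  # sshd_config takes quoted arguments
            *)     line="$line $g" ;;
        esac
    done
    printf '%s\n' "$line"
}

# For /etc/sudoers.d/[filename] (sudo skips file names containing a dot).
# Spaces in a sudoers group name are backslash-escaped. Check: sudo visudo -c
render_sudoers_dropin() {
    valid_group "$1" || return 1
    printf '%%%s ALL=(ALL:ALL) ALL\n' "$(lower "$1" | sed 's/ /\\ /g')"
}

render_sshd_dropin 'Linux-SSH-Users' 'Linux Admins'
render_sudoers_dropin 'Linux Admins'
```

If the domain is configured to use fully qualified names, pass the groups in the form group@domain instead.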










