Active Directory bridging toolset
AD integration client
Active Directory integration bridging toolset command line tool.
adsysctl COMMAND [flags]
-c, --config string use a specific configuration file
-h, --help help for adsysctl
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Print last applied GPOs for current or given user/machine
Alias of "policy applied"
adsysctl applied [USER_NAME] [flags]
-a, --all show overridden rules in each GPOs.
--details show applied rules in addition to GPOs.
-h, --help help for applied
--no-color don't display colorized version.
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Generate the autocompletion script for the specified shell
Generate the autocompletion script for adsysctl for the specified shell. See each sub-command's help for details on how to use the generated script.
-h, --help help for completion
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Generate the autocompletion script for bash
Generate the autocompletion script for the bash shell.
This script depends on the 'bash-completion' package. If it is not installed already, you can install it via your OS's package manager.
To load completions in your current shell session:
source <(adsysctl completion bash)
To load completions for every new session, execute once:
adsysctl completion bash > /etc/bash_completion.d/adsysctl
adsysctl completion bash > /usr/local/etc/bash_completion.d/adsysctl
You will need to start a new shell for this setup to take effect.
adsysctl completion bash
-h, --help help for bash
--no-descriptions disable completion descriptions
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Generate the autocompletion script for fish
Generate the autocompletion script for the fish shell.
To load completions in your current shell session:
adsysctl completion fish | source
To load completions for every new session, execute once:
adsysctl completion fish > ~/.config/fish/completions/adsysctl.fish
You will need to start a new shell for this setup to take effect.
adsysctl completion fish [flags]
-h, --help help for fish
--no-descriptions disable completion descriptions
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Generate the autocompletion script for powershell
Generate the autocompletion script for powershell.
To load completions in your current shell session:
adsysctl completion powershell | Out-String | Invoke-Expression
To load completions for every new session, add the output of the above command to your powershell profile.
adsysctl completion powershell [flags]
-h, --help help for powershell
--no-descriptions disable completion descriptions
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Generate the autocompletion script for zsh
Generate the autocompletion script for the zsh shell.
If shell completion is not already enabled in your environment you will need to enable it. You can execute the following once:
echo "autoload -U compinit; compinit" >> ~/.zshrc
To load completions for every new session, execute once:
adsysctl completion zsh > "${fpath[1]}/_adsysctl"
adsysctl completion zsh > /usr/local/share/zsh/site-functions/_adsysctl
You will need to start a new shell for this setup to take effect.
adsysctl completion zsh [flags]
-h, --help help for zsh
--no-descriptions disable completion descriptions
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Documentation
adsysctl doc [CHAPTER] [flags]
-d, --dest string Write documentation file(s) to this directory.
-f, --format string Format type (markdown, raw or html). (default "markdown")
-h, --help help for doc
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Policy management
adsysctl policy COMMAND [flags]
-h, --help help for policy
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Dump windows policy definitions
adsysctl policy admx lts-only|all [flags]
--distro string distro for which to retrieve policy definition. (default "Ubuntu")
-h, --help help for admx
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Print last applied GPOs for current or given user/machine
adsysctl policy applied [USER_NAME] [flags]
-a, --all show overridden rules in each GPOs.
--details show applied rules in addition to GPOs.
-h, --help help for applied
--no-color don't display colorized version.
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Updates/Create a policy for current user or given user with its kerberos ticket
adsysctl policy update [USER_NAME KERBEROS_TICKET_PATH] [flags]
-a, --all all updates the policy of the computer and all the logged in users. -m or USER_NAME/TICKET cannot be used with this option.
-h, --help help for update
-m, --machine machine updates the policy of the computer.
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Service management
adsysctl service COMMAND [flags]
-h, --help help for service
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Print service logs
adsysctl service cat [flags]
-h, --help help for cat
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Print service status
adsysctl service status [flags]
-h, --help help for status
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Requests to stop the service once all connections are done
adsysctl service stop [flags]
-f, --force force will shut it down immediately and drop existing connections.
-h, --help help for stop
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Updates/Create a policy for current user or given user with its kerberos ticket
Alias of "policy update"
adsysctl update [USER_NAME KERBEROS_TICKET_PATH] [flags]
-a, --all all updates the policy of the computer and all the logged in users. -m or USER_NAME/TICKET cannot be used with this option.
-h, --help help for update
-m, --machine machine updates the policy of the computer.
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Returns version of client and service
adsysctl version [flags]
-h, --help help for version
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
AD integration daemon
Active Directory integration bridging toolset daemon.
adsysd COMMAND [flags]
--ad-default-domain-suffix string AD default domain suffix to use. This overrides parsing sssd.conf.
-D, --ad-domain string AD domain to use. This overrides parsing sssd.conf
-S, --ad-server string URL of the Active Directory server. This overrides parsing sssd.conf.
--cache-dir string directory where ADsys caches GPOs downloads and policies. (default "/var/cache/adsys")
-c, --config string use a specific configuration file
-h, --help help for adsysd
--run-dir string directory where ADsys stores transient information erased on reboot. (default "/run/adsys")
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds without activity before the service exists. 0 for no timeout. (default 120)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Generate the autocompletion script for the specified shell
Generate the autocompletion script for adsysd for the specified shell. See each sub-command's help for details on how to use the generated script.
-h, --help help for completion
--ad-default-domain-suffix string AD default domain suffix to use. This overrides parsing sssd.conf.
-D, --ad-domain string AD domain to use. This overrides parsing sssd.conf
-S, --ad-server string URL of the Active Directory server. This overrides parsing sssd.conf.
--cache-dir string directory where ADsys caches GPOs downloads and policies. (default "/var/cache/adsys")
-c, --config string use a specific configuration file
--run-dir string directory where ADsys stores transient information erased on reboot. (default "/run/adsys")
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds without activity before the service exists. 0 for no timeout. (default 120)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Generate the autocompletion script for bash
Generate the autocompletion script for the bash shell.
This script depends on the 'bash-completion' package. If it is not installed already, you can install it via your OS's package manager.
To load completions in your current shell session:
source <(adsysd completion bash)
To load completions for every new session, execute once:
adsysd completion bash > /etc/bash_completion.d/adsysd
adsysd completion bash > /usr/local/etc/bash_completion.d/adsysd
You will need to start a new shell for this setup to take effect.
adsysd completion bash
-h, --help help for bash
--no-descriptions disable completion descriptions
--ad-default-domain-suffix string AD default domain suffix to use. This overrides parsing sssd.conf.
-D, --ad-domain string AD domain to use. This overrides parsing sssd.conf
-S, --ad-server string URL of the Active Directory server. This overrides parsing sssd.conf.
--cache-dir string directory where ADsys caches GPOs downloads and policies. (default "/var/cache/adsys")
-c, --config string use a specific configuration file
--run-dir string directory where ADsys stores transient information erased on reboot. (default "/run/adsys")
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds without activity before the service exists. 0 for no timeout. (default 120)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Generate the autocompletion script for fish
Generate the autocompletion script for the fish shell.
To load completions in your current shell session:
adsysd completion fish | source
To load completions for every new session, execute once:
adsysd completion fish > ~/.config/fish/completions/adsysd.fish
You will need to start a new shell for this setup to take effect.
adsysd completion fish [flags]
-h, --help help for fish
--no-descriptions disable completion descriptions
--ad-default-domain-suffix string AD default domain suffix to use. This overrides parsing sssd.conf.
-D, --ad-domain string AD domain to use. This overrides parsing sssd.conf
-S, --ad-server string URL of the Active Directory server. This overrides parsing sssd.conf.
--cache-dir string directory where ADsys caches GPOs downloads and policies. (default "/var/cache/adsys")
-c, --config string use a specific configuration file
--run-dir string directory where ADsys stores transient information erased on reboot. (default "/run/adsys")
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds without activity before the service exists. 0 for no timeout. (default 120)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Generate the autocompletion script for powershell
Generate the autocompletion script for powershell.
To load completions in your current shell session:
adsysd completion powershell | Out-String | Invoke-Expression
To load completions for every new session, add the output of the above command to your powershell profile.
adsysd completion powershell [flags]
-h, --help help for powershell
--no-descriptions disable completion descriptions
--ad-default-domain-suffix string AD default domain suffix to use. This overrides parsing sssd.conf.
-D, --ad-domain string AD domain to use. This overrides parsing sssd.conf
-S, --ad-server string URL of the Active Directory server. This overrides parsing sssd.conf.
--cache-dir string directory where ADsys caches GPOs downloads and policies. (default "/var/cache/adsys")
-c, --config string use a specific configuration file
--run-dir string directory where ADsys stores transient information erased on reboot. (default "/run/adsys")
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds without activity before the service exists. 0 for no timeout. (default 120)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Generate the autocompletion script for zsh
Generate the autocompletion script for the zsh shell.
If shell completion is not already enabled in your environment you will need to enable it. You can execute the following once:
echo "autoload -U compinit; compinit" >> ~/.zshrc
To load completions for every new session, execute once:
adsysd completion zsh > "${fpath[1]}/_adsysd"
adsysd completion zsh > /usr/local/share/zsh/site-functions/_adsysd
You will need to start a new shell for this setup to take effect.
adsysd completion zsh [flags]
-h, --help help for zsh
--no-descriptions disable completion descriptions
--ad-default-domain-suffix string AD default domain suffix to use. This overrides parsing sssd.conf.
-D, --ad-domain string AD domain to use. This overrides parsing sssd.conf
-S, --ad-server string URL of the Active Directory server. This overrides parsing sssd.conf.
--cache-dir string directory where ADsys caches GPOs downloads and policies. (default "/var/cache/adsys")
-c, --config string use a specific configuration file
--run-dir string directory where ADsys stores transient information erased on reboot. (default "/run/adsys")
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds without activity before the service exists. 0 for no timeout. (default 120)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Returns version of service and exits
adsysd version [flags]
-h, --help help for version
--ad-default-domain-suffix string AD default domain suffix to use. This overrides parsing sssd.conf.
-D, --ad-domain string AD domain to use. This overrides parsing sssd.conf
-S, --ad-server string URL of the Active Directory server. This overrides parsing sssd.conf.
--cache-dir string directory where ADsys caches GPOs downloads and policies. (default "/var/cache/adsys")
-c, --config string use a specific configuration file
--run-dir string directory where ADsys stores transient information erased on reboot. (default "/run/adsys")
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds without activity before the service exists. 0 for no timeout. (default 120)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Hidden commands
Those commands are hidden from help and should primarily be used by the system or for debugging.
Debug various policy infos
adsysctl policy debug [flags]
-h, --help help for debug
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Write GPO list python embeeded script in current directory
adsysctl policy debug gpolist-script [flags]
-h, --help help for gpolist-script
-c, --config string use a specific configuration file
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds before cancelling the client request when the server gives no result. 0 for no timeout. (default 30)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output
Runs scripts in the given subdirectory
adsysd runscripts ORDER_FILE [flags]
--allow-order-missing allow ORDER_FILE to be missing once the scripts are ready.
-h, --help help for runscripts
--ad-default-domain-suffix string AD default domain suffix to use. This overrides parsing sssd.conf.
-D, --ad-domain string AD domain to use. This overrides parsing sssd.conf
-S, --ad-server string URL of the Active Directory server. This overrides parsing sssd.conf.
--cache-dir string directory where ADsys caches GPOs downloads and policies. (default "/var/cache/adsys")
-c, --config string use a specific configuration file
--run-dir string directory where ADsys stores transient information erased on reboot. (default "/run/adsys")
-s, --socket string socket path to use between daemon and client. Can be overridden by systemd socket activation. (default "/run/adsysd.sock")
-t, --timeout int time in seconds without activity before the service exists. 0 for no timeout. (default 120)
-v, --verbose count issue INFO (-v), DEBUG (-vv) or DEBUG with caller (-vvv) output