How Cells Are Processed in AD Bridge

AD Bridge Searches Active Directory for Cell Information

When an Active Directory user logs on to an AD Bridge client computer, the AD Bridge agent searches Active Directory for the user's AD Bridge Cell information.

The search typically begins at the node where the computer is joined to Active Directory and can extend to all forests that have a two-way transitive trust with the client computer's forest.

AD Bridge Agent Checks the Cell Type

The AD Bridge agent determines the OU of which the computer is a member and checks whether a Named Cell is associated with it.

AD Bridge Agent Continues Search If No Cell Found for the OU

If a cell is not associated with the OU, the AD Bridge agent on the Unix or Linux computer moves up the directory structure, searching the parent and grandparent OUs until it finds an OU that has an AD Bridge Cell associated with it.

Named Cell Found

If a Named Cell is found, AD Bridge searches for a user's or group's attributes in the cell associated with the computer.

If an OU with an associated cell is not found, the AD Bridge agent uses the Default Cell for the domain to map the username to UID and GID information.

Default Cell Processing

A Default Cell is processed differently from a Named Cell. When processing a Default Cell, AD Bridge searches for a user's or group's attributes in the Default Cell of the domain where the user or group resides. For example, a two-domain topology configured with one domain for users and another domain for computers would require two Default Cells:

  • a Default Cell in the domain where user and group objects reside
  • a Default Cell in the domain where computer objects are joined

A Linux or Unix computer can be a member of an OU that does not have a cell associated with it. In such a case, the Group Policy Objects (GPOs) associated with the OU apply to the Linux or Unix computer, but user UID and GID mappings follow the policy of the nearest parent cell or the Default Cell.

AD Bridge does not require you to have a Default Cell, but for AD Bridge to operate properly you must ensure that the AD Bridge agent can always find a cell.
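The lookup order described above can be modelled offline to check that every computer object resolves to a cell. The following Python sketch is an added example, not AD Bridge code: it assumes you have already exported the DNs of OUs with Named Cells and of domains with Default Cells into plain sets, all DNs and function names are hypothetical, and it does not model searches across trusted forests.

```python
import re

# Constructed sample topology (hypothetical DNs): one domain for computers, one for users.
NAMED_CELL_OUS = {"OU=Linux,OU=Servers,DC=computers,DC=example,DC=com"}
DEFAULT_CELL_DOMAINS = {"DC=computers,DC=example,DC=com", "DC=users,DC=example,DC=com"}

def split_dn(dn):
    """Split a DN on commas that are not preceded by a backslash."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def norm(dn):
    """Canonical form for case-insensitive DN comparison."""
    return ",".join(split_dn(dn)).lower()

def domain_of(dn):
    """Return the DC= components of a DN, i.e. the domain it lives in."""
    return ",".join(p for p in split_dn(dn) if p.upper().startswith("DC="))

def computer_cell(computer_dn, named_ous, default_domains):
    """Walk up from the computer's OU; fall back to the domain's Default Cell."""
    named = {norm(o) for o in named_ous}
    parts = split_dn(computer_dn)[1:]            # drop the computer's own RDN
    while parts and not parts[0].upper().startswith("DC="):
        candidate = ",".join(parts)
        if norm(candidate) in named:
            return ("named", candidate)
        parts = parts[1:]                         # parent, then grandparent, ...
    domain = ",".join(parts)
    if norm(domain) in {norm(d) for d in default_domains}:
        return ("default", domain)
    return ("none", None)

def attribute_source(computer_dn, user_dn, named_ous, default_domains):
    """Where the user's UID/GID attributes are looked up for this computer."""
    kind, where = computer_cell(computer_dn, named_ous, default_domains)
    if kind != "default":
        return (kind, where)                      # Named Cell, or no cell at all
    user_domain = domain_of(user_dn)              # Default Cell: user's own domain
    if norm(user_domain) in {norm(d) for d in default_domains}:
        return ("default", user_domain)
    return ("none", None)

def computers_without_cell(computer_dns, named_ous, default_domains):
    """Audit helper: computers for which no cell can be found."""
    return [c for c in computer_dns
            if computer_cell(c, named_ous, default_domains)[0] == "none"]
```

Any DN returned by computers_without_cell identifies a computer that, in this model, has neither a Named Cell on its OU path nor a Default Cell in its domain.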

For more information about modes, cells, and user rights, see the AD Bridge Best Practices Guide.