After you create an Active Directory security group for computers and associate it with a computer role, you can add or remove computers simply by updating the group membership. For example, if you have a computer role for managing access to Oracle database servers and you deploy a new instance, you simply add the new server to the computer security group you created for Oracle servers. You can update the group membership using Active Directory Users and Computers, Access Manager, ADEdit, or another tool of your choice.
After you have specified the Active Directory security group you want associated with a computer role, the account membership is synchronized so you can use Access Manager or another program to make changes.
Steps for completing this task
The following instructions illustrate how to add computers to a computer role using Access Manager. Examples of scripts that use the Access Module for Windows PowerShell, ADEdit, or the Centrify Windows API are available in other guides, the Centrify Software Developer’s Kit, or in community forums on the Centrify website.
To add computers to the computer role using Access Manager
- Open Access Manager.
- Expand Zones and the individual parent or child zones required to select the zone name that contains the computer role to which you want to add computers.
- Expand Authorization and Computer Roles, then expand the computer role to which you want to add computers.
- Select Members, right-click, then select Add Computer.
- Type all or part of a computer name, then click Find Now to search for the computer accounts to add.
- Select one or more computers from the results, then click OK to automatically add computers to the Active Directory group associated with the computer role.