In most cases, you get more operational benefits by using Active Directory groups to manage UNIX and Linux user accounts than you would get from migrating your local group profiles into Active Directory. For example, by using Active Directory groups to manage both Windows and UNIX users, you can use your existing provisioning and access control policies across multiple platforms and automate the provisioning and de-provisioning of accounts and access rules.
In some cases, however, you might find it useful to migrate some or all of your existing local groups to Active Directory. If you want to move local group profiles into Active Directory, you have the option to import local groups on a zone-by-zone basis. As part of the import process, you can choose to how each local group should be handled. For example, you can:
- Create a new Active Directory group for each imported group.
- Extend an existing Active Directory group to include an imported group.
- Merge an imported group into an existing UNIX group profile.