Overriding and modifying user properties

If you are using hierarchical zones, user profile information is inherited from parent zones into any child zones you define. You can override the inherited profile attributes at any time to create a new user profile in a specific child zone or on individual computers, if needed. Overriding profile attributes enables you to migrate legacy local accounts without modifying any existing account information or file and directory ownership.

You can also modify either the user profile or the Active Directory user account properties for any user at any time using the tool of your choice. For example, you can use Access Manager, the Access Module for Windows PowerShell, ADEdit, Active Directory Users and Computers, or the Centrify Windows API to modify the zone profile or Active Directory properties for a selected user.

To override a profile attribute in a user profile:

  1. Open Access Manager.
  2. Expand Zones and any parent or child zones required to select the zone name in which you want to override a profile attribute.

    For example, if you want to override the default login shell in the child zone that only AIX computers join, you might expand Child Zones to view and select the IBM AIX Only zone.

    If you want to override a profile attribute for a specific computer, expand Computers to select the computer name on which you want to override the profile attribute. For example, if you want to override the default numeric identifier for a user on the AIX computer aix6v0.ajax.org, you might expand the IBM AIX Only child zone and the Computers node to view and select the aix6v0.ajax.org computer.

  3. Expand UNIX Data for the zone or computer, then select Users.
  4. Select the user, right-click, then select Zone Profile.

    The profile displays the attributes inherited from the parent zone or currently set.

  5. Select an attribute and provide the override value.

    For example, select Shell and type /usr/bin/ksh to give the selected user profilea different default login shell—one appropriate for an AIX computer—in the selected zone or on the selected computer.

  6. Click OK to save the profile change.