As discussed in How zones help you organize information, Centrify zones help you organize computers, users, groups, access rights and other information into logical groups similar to Active Directory organizational units or Network Information Service (NIS) domains. You have several options when choosing the type of zone to create, and the type of zone you select depends entirely on what your organization needs. The first decision to make is the type of zone to create:
- Hierarchical, which is the default and supports inheritance and overrides.
- Classic, which is backward-compatible to support older versions of the Centrify agent.
- SFU, which supports the Microsoft Services for UNIX schema and rarely used.
- Auto Zone, which is a simplified “zone” for computers to join when you don’t need any control over profiles, access rights, or roles and role assignments.
With the exception of SFU zones, you can mix and match any combination of zone types in the same Active Directory forest, as needed. For example, you can create one or more classic zones to support legacy agents, an Auto Zone for a group of computers that don’t require the management of identity attributes or access rights, and hierarchical zones for the computers for which you want to actively manage access rights and privileges.