Configuring default values for a zone

You can configure default settings for user and group profiles that are added to the zone. The user and group defaults you configure can include predefined variables that populate the user or group profile by using Active Directory attributes or settings configured on individual managed computers.

By specifying user default and group default settings, you can simplify the process of adding user and group profiles to child zones. For example, you can define a default user profile that uses the sAMAccountName attribute for a user’s UNIX login name. All users who are added to the zone are then automatically assigned a UNIX login name based on their sAMAccountName. If you define the default attributes in a parent zone, they can also be inherited in all of the child zones under that parent and only overridden where other values are explicitly required.

Setting user defaults

When you create a zone, it includes a default set of user profile attributes. In most cases, there’s no need to modify any of the default settings unless you want to define partial profiles in a parent zone that will be manually completed in child zones. For example, the default setting for the numeric user identifier (UID) is an automatically generated UID based on the user’s globally unique security identifier (SID). This setting ensures all users who are added to the zone are assigned a unique UID for the entire forest.

If you define a default value for any user profile attribute, that value is used to populate the user profile displayed when you add users to the selected zone. When you add a user to the zone, you can accept the default profile attributes or override any of the default attributes displayed.

To view or modify the default user profile in a zone

  1. Open Access Manager.
  2. Expand Zones and the individual parent or child zones, as required, to locate and select the zone name for which you want to display properties.
  3. Right-click, then click Properties.
  4. Click the User Defaults tab.
  5. Review the default settings and modify any of the defaults, if needed.

    For most organizations, the default settings are appropriate. For example, the Active Directory sAMAccountName attribute most closely resembles the most common format for the UNIX login name and an automatically generated UID ensures that all new users have a unique UID in the forest. For more information about the attribute fields or the default values, press F1 to view the context-sensitive help.

  6. Click OK.

For more information about using default values, see Creating user profiles for Active Directory users. For more information about using predefined or custom variables in user profiles, see Setting runtime variables in user profiles.

Setting group defaults

When you create a zone, it includes a default set of group profile attributes. In most cases, there’s no need to modify the default settings for groups unless you are manually assigning numeric group identifiers (GID) or using the Apple algorithm for generating the GID.

If you define a default value for a group attribute, that value is used to populate the group profile displayed when you add groups to the selected zone. When you add a group to the zone, you can accept the default profile attributes or override any of the default attributes displayed.

To view or modify the default group profile in a zone

  1. Open Access Manager.
  2. Expand Zones and the individual parent or child zones, as required, to locate and select the zone name for which you want to display properties.
  3. Right-click, then click Properties.
  4. Click the Group Defaults tab.
  5. Review the default settings and modify any of the defaults, if needed.

    For most organizations, the default settings are appropriate. For example, the Active Directory sAMAccountName attribute most closely resembles the most common format for the group name and an automatically generated GID ensures that all new group have a unique GID in the forest. For more information about the attribute fields or the default values, press F1 to view the context-sensitive help.

  6. Click OK.

For more information about using default values, see Creating group profiles for Active Directory groups. For more information about using predefined or custom variables in user profiles, see Setting runtime variables in user profiles.