Changing the parent zone or location of a zone

From Access Manager, you can make any existing hierarchical zone the child of another zone or make any child zone a new parent zone by dragging and dropping the zone into a new location or by changing the Parent zone field on the zone’s General properties tab.

Selecting the default location when moving a zone

If you make changes to the zone hierarchy, Access Manager prompts you to specify the new Active Directory location for the zone. In most cases, you should accept the default location for the zone you are moving. The default Active Directory location will be either:

  • The new parent zone container if you are moving a child zone from one parent to another or if you are moving a parent zone to become a child zone.
  • The default Zones container you created the first time you started Access Manager if you are making a child zone a new top-level parent zone.

You are not required to accept the default Active Directory location when changing the zone hierarchy. If you select a different Active Directory location for the zone, however, you should note the location and whether the zone you are moving is now a parent or a child zone. If the zone structure displayed in Access Manager is different from the zone container structure you are using in Active Directory, you might find unexpected problems with inheritance and overrides, with modifying zone properties, or with deleting zones.

Moving a zone without changing its Active Directory location

When you are prompted to specify the Active Directory location for a zone you are moving, you have the option to select No and leave the current Active Directory location unchanged. If you change the parent zone without changing the Active Directory location for a zone, you should note that the location does not reflect the zone hierarchy. In rare cases, you might find it useful to leave the Active Directory location unchanged, but doing so might make it more difficult to locate the zone object at a later time.
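
The following Python code is an added example, not part of the original page and not Centrify code. It audits a zone inventory for the mismatch described in the two sections above: zones whose Active Directory location is not the default location for their place in the hierarchy. The inventory, the DEFAULT_ZONES_DN value, and all function names are constructed for illustration, and the code assumes that a child zone's default location is directly inside its parent zone's object.

```python
import re

# Assumption: DN of the default Zones container in this constructed forest.
DEFAULT_ZONES_DN = "CN=Zones,OU=Centrify,DC=example,DC=com"

def split_dn(dn):
    """Split a DN into RDNs on commas that are not preceded by a backslash."""
    return [rdn.strip() for rdn in re.split(r"(?<!\\),", dn)]

def normalize(dn):
    """Lower-cased, whitespace-trimmed form used only for comparison."""
    return ",".join(split_dn(dn)).lower()

def container_of(dn):
    """Return the DN of the object's immediate container."""
    return ",".join(split_dn(dn)[1:])

def expected_container(zone, zones_by_name, default_zones_dn=DEFAULT_ZONES_DN):
    """Default location: the parent zone's container for a child zone,
    the default Zones container for a top-level parent zone."""
    parent = zone.get("parent")
    if parent is None:
        return default_zones_dn
    return zones_by_name[parent]["dn"]

def find_location_drift(zones, default_zones_dn=DEFAULT_ZONES_DN):
    """Return (zone, actual container, expected container) for each zone
    whose Active Directory location does not reflect the zone hierarchy."""
    by_name = {z["name"]: z for z in zones}
    drift = []
    for z in zones:
        actual = container_of(z["dn"])
        expected = expected_container(z, by_name, default_zones_dn)
        if normalize(actual) != normalize(expected):
            drift.append((z["name"], actual, expected))
    return drift

# Constructed inventory: zone name, parent zone as shown in Access Manager, DN.
SAMPLE_ZONES = [
    {"name": "global", "parent": None, "dn": "CN=global,CN=Zones,OU=Centrify,DC=example,DC=com"},
    {"name": "emea", "parent": "global", "dn": "CN=emea,CN=global,CN=Zones,OU=Centrify,DC=example,DC=com"},
    # Re-parented under "emea" with No selected, so the object stayed under "global".
    {"name": "paris", "parent": "emea", "dn": "CN=paris,CN=global,CN=Zones,OU=Centrify,DC=example,DC=com"},
]

if __name__ == "__main__":
    for name, actual, expected in find_location_drift(SAMPLE_ZONES):
        print(f"{name}: located in {actual}, hierarchy expects {expected}")
```

Keeping a record like this each time a non-default location is chosen gives you the note of location and parent or child status that the text above recommends.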

Restarting the agent after moving a zone

If you change the location for a zone in Active Directory, you must restart the Centrify UNIX agent on the computers in that zone so that they recognize the new zone location.

After you move the ZoneName object to a new parent container or organizational unit, run the following command to restart the Centrify UNIX agent on the computers in the zone:

/usr/share/centrifydc/bin/centrifydc restart

To move a zone to a new parent by changing properties

  1. Open Access Manager.
  2. Expand Zones and the individual parent or child zones, as required, to locate and select the zone name for which you want to display properties.
  3. Right-click, then click Properties to display the General tab.
  4. For the Parent zone field, click Browse to find and select the zone to use as the parent, then click OK.
  5. Click OK to save the new zone properties.
  6. In the Move Zone dialog, to accept the default location, verify the location selected for the Yes, move to option, then click OK.

    In rare cases, you might want to click Browse to select a different Active Directory location for the zone you are moving, or select No, then click OK to keep the zone in its original location.