Creating an organizational unit for Centrify

To isolate the evaluation environment from other objects in Active Directory, you can create a separate organizational unit for all of the Centrify-specific objects that are created and managed throughout the evaluation. You must be the Active Directory administrator or have Domain Admins privileges to perform this task.

To create an organizational unit for Centrify

  1. Open Active Directory Users and Computers and select the domain.
  2. Right-click and select New > Organizational Unit.
  3. Deselect Protect container from accidental deletion.
  4. Type the name for the organizational unit, for example, Centrify, then click OK.

Create additional organizational units

Additional organizational units are not required for an evaluation. In a production environment, however, you might create several additional containers to control ownership and permissions for specific types of Centrify objects. For example, you might create separate organizational units for UNIX Computers and UNIX Groups.

To illustrate the procedure, the following steps create an organizational unit for the Active Directory groups that will be used in the evaluation to assign user access rights to the Centrify-managed computers within the top-level organizational unit for Centrify-specific objects.

To create an organizational unit for evaluation groups

  1. In Active Directory Users and Computers, select the top-level organizational unit you created in Creating an organizational unit for Centrify.
  2. Right-click and select New > Organizational Unit.
  3. Deselect Protect container from accidental deletion.
  4. Type the name for the organizational unit, for example, UNIX Groups, then click OK.

In later exercises, you will use this organizational unit and add other containers to manage additional types of information.