Specify AD Groups allowed in Auto Zone

Specify the Active Directory groups that are included in the Auto Zone. By default, all Active Directory groups are included in the Auto Zone. When you enable this policy, only the specified groups are included in the Auto Zone and assigned a GID on the computer.

You can manually enter each group name separated by a comma, or click List, then Add, to browse for groups to add. If you manually add groups, use one of the following formats:

  • SAM account name
  • NTLM: DOMAIN\sAMAccountName (also DOMAIN/sAMAccountName)
  • UPN or sAMAccountName@domain
  • Full DN: CN=commonName, …,DC=domain_component, DC=domain_component,…
  • Canonical Name : domain.com/container1/cn

You can also specify the groups in a file.

Any groups listed may be domain local, global, or universal security groups. Distribution groups are not supported. If an Active Directory user specified in “Specify AD users allowed in Auto Zone” is a member of a group that is not specified in the current group policy, that group is ignored.

This group policy modifies the auto.schema.groups parameter in the agent configuration file.