Set user mapping

Use the Set user mapping group policy to map a local Linux, UNIX, or Mac OS X user account to an Active Directory account. Local user mapping allows you to set password policies in Active Directory even when a local Linux, UNIX, or Mac OS X account is used to log in. This group policy is most commonly used to map local system or application user accounts on a computer to a different Active Directory account and password, so that you can enforce password complexity rules for the account, but it can be used for any local user account.

When you select Enabled for the Set user mapping group policy, you can then click Show to add or remove user accounts.

To add mapped user accounts to the policy, click Add. You can then type the Linux, UNIX, or Mac OS X user account name in the first field and the Active Directory account name to which you want to map the local account in the second field, then click OK.

Once this policy is applied, users or services attempting to log in with the local mapped account must provide the Active Directory password for the account. For example, if you have mapped the local user caine to an Active Directory account that uses the password +shark1, the user logging in with the caine user name must provide the +shark1 password or authentication will fail.For more information about mapping local Linux, UNIX, or Mac OS X accounts to Active Directory accounts, see the Administrator’s Guide for Linux and UNIX or the Administrator’s Guide for Mac.