As with imported users, you should also add all of your imported UNIX groups to the provisioning group in the top-level parent zone. Adding the group profiles as members of the top-level provisioning group will enable the Zone Provisioning Agent to define a new “universal” UNIX profile for each group based on business rules you establish for the parent zone. The new profile will not affect the existing file ownership, but will make it easier to provision and deprovision users moving forward. Adding the UNIX group profiles to the top-level parent zone ensures that the Zone Provisioning Agent does not remove the imported groups from the zone.
To add existing UNIX groups to the provisioning group for the parent zone:
- Start Active Directory Users and Computers.
- Expand the forest domain and the top-level UNIX organizational unit you created in Selecting a location for the top-level OU.
- Expand the Provisioning Groups organizational unit, then select the parentZoneName_Zone_Groups group. For example, if the parent zone is arcadeGlobal, select arcadeGlobal_Zone_Groups, right-click, then select Properties.
- Click the Members tab, then click Add.
- Search for and select the imported user accounts that you have mapped to Active Directory users, then click OK.
- Click OK to save the provisioning group and close the Properties.