At this point, you have imported legacy data into one or more child zones and accepted divergent profile attributes using computer-level overrides. You should now add all of your imported UNIX users to the provisioning group in the top-level parent zone. Adding users as members of the provisioning group will enable the Zone Provisioning Agent to define a new “universal” UNIX profile for legacy users based on business rules you establish for the parent zone. The new profile will not affect the existing file ownership, but will make it easier to provision and deprovision users moving forward.
As discussed in Installing Zone Provisioning Agent, the Zone Provisioning Agent enables you to define business rules for creating new UNIX profiles for new UNIX users. After you complete the migration and enable the Zone Provisioning Agent, it runs at a regularly scheduled interval to determine whether there are new users or users who should be removed. At each interval, the Zone Provisioning Agent compares the members of the parent zone’s Users provisioning group with the user profiles currently defined for the zone.
If there are UNIX profiles for users who aren’t members of the provisioning group, the Zone Provisioning Agent removes those user profiles. To prevent the Zone Provisioning Agent from removing the imported data, you must add the Active Directory users associated with the imported user profiles to the parent zone’s Users provisioning group.
To add existing UNIX users to the provisioning group for the parent zone:
- Start Active Directory Users and Computers.
- Expand the forest domain and the top-level UNIX organizational unit you created in Selecting a location for the top-level OU.
- Expand the Provisioning Groups organizational unit, then select the parentZoneName_Zone_Users group. For example, if the parent zone is arcadeGlobal, select arcadeGlobal_Zone_Users, right-click, then select Properties.
- Click the Members tab, then click Add.
- Search for and select the imported user accounts that you have mapped to Active Directory users, then click OK.
- Click OK to save the provisioning group and close the Properties.