Prepare a computer object before joining

In most cases, you should pre-create the computer object for every UNIX computer in every zone. For individual computers, you can use the Prepare Computer wizard to guide you through the process. However, you will probably want to create a Windows or UNIX script for performing the operation repeatedly. For example, you can use adedit or the Windows API to create a script.

To prepare a computer account in Active Directory using Prepare Computer:

  1. Start Access Manager.
  2. In the console tree, expand the Child Zones node, then expand the child zone for this computer to join.
  3. Select the Computers node, right-click, then click Prepare Computer.
  4. Accept the default preparation options, then click Next.
  5. Accept the default to Create a new computer object, then click Next.
  6. Type the name of the computer object to create and modify the DNS host name of the computer object, if necessary.

    The computer name is the name of the computer principal in Active Directory. The DNS name is how the UNIX computer is currently registered in DNS. If you have a disjointed DNS namespace, you should be sure the DNS name is the name used in the computer’s DNS entry.

  7. Click Change and navigate to the organizational unit for storing computer principals. For example, if you created the organizational unit structure described in Creating recommended organizational units, select UNIX Servers and Workstations and click OK, then click Next.
  8. Select an option for joining the computer to the domain, then click Next.

    • If you want to require users to interactively join the computer to Active Directory, click Browse to select the Join Operators group.
    • If you want to allow the computer to join itself to the zone, select Allow the computer to join itself to the zone. This option automatically associates the computer with the correct zone, so there’s less chance of a human error.
  9. Click Browse to select the Zone Administrators group, then click Next.

    With this setting, users in the Zone Administrators can override any inherited attributes of a UNIX user or a UNIX group profile on the computer.

  10. Review your selections, then click Next to create the computer account.
  11. Click Finish to complete the process.

You have now finished preparing the environment for migration and are ready to begin importing groups and users and assigning them appropriate roles.