Create a top-level parent zone

Before you migrate users and groups or add computers to the domain, you must have at least one zone. Centrify recommends that you create one top-level parent for your organization, which is similar to having a single forest root domain.

To create the top-level parent zone:

  1. Log on to the Windows computer where Authentication & Privilege is installed and open Access Manager.

    If you are not currently connected to the appropriate forest, specify the domain controller to which you want to connect.

  2. In the console tree, select Zones and right-click, then click Create New Zone.
  3. Type the zone name and, optionally, a longer description of the zone.

    In most cases, you should use the default parent container and container type that you created when you configured the Active Directory forest, and the default zone type, which creates the new zone as a hierarchical zone, then click Next.

    The only reasons for changing the default settings would be if you want to:

    • Create a zone in a new location to separate administrative activity for different groups of administrators.
    • Create zones as organizational units because you want to assign group policy objects to zones.
    • Create a classic zone for backwards compatibility or are using the Microsoft Services for UNIX (SFU) schema.

    For additional details about any of the zone fields, press F1 to view context-sensitive help.

  4. Review the information about the zone you are creating, then click Finish.