Create groups for the default roles in the parent zone

The next step in configuring the top-level parent zone is to create two Active Directory groups for the default listed and UNIX Login roles that are predefined in hierarchical zones.

  • If you have a single top-level parent zone, users with a listed role can be recognized as having a valid profile on every UNIX computer in the organization. However, users in the listed role are not allowed to log on to any of those computers.
  • If you have a single top-level parent zone, users with a UNIX Login role can log on to every UNIX computer in the organization.

For the top-level parent zone, the UNIX Login role is intended for enterprise-level systems administrators who need to be able to log on to any UNIX computer in the organization. Because these are powerful roles in the parent zone, only a limited number of users would ever be assigned to these roles. However, the listed and UNIX Login roles are key components of migration when you create one or more child zones. If no users in the organization will be assigned these roles in the parent zone, you can skip the creation of the Active Directory groups for roles in the parent zone.

To create the groups for listed and UNIX Login roles in the parent zone:

  1. Start Active Directory Users and Computers.
  2. Expand the forest domain and the top-level UNIX organizational unit you created in Selecting a location for the top-level OU.
  3. Select the User Roles organizational unit, right-click, then select New > Group.
  4. Type the group name using the format ZoneName_Role_RoleName. For example, if the zone name is arcadeGlobal, type arcadeGlobal_Role_Listed, then click OK.
  5. Select the User Roles organizational unit, right-click, then select New > Group.
  6. Type the group name using the format ZoneName_Role_RoleName. For example, if the zone name is arcadeGlobal, type arcadeGlobal_Role_Login, then click OK.
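
The same two groups can be created from PowerShell and then checked for membership, since these roles are meant for only a limited number of users. This is an added example, not part of the original documentation: the OU distinguished name is a placeholder, the Global/Security settings are assumed to match the defaults of the New > Group dialog, and the `$MaxMembers` review threshold is hypothetical.

```powershell
# Added example: scripted equivalent of steps 1-6, plus a membership check.
# Requires the ActiveDirectory module (RSAT) and rights to create groups in the OU.
Import-Module ActiveDirectory

$ZoneName    = 'arcadeGlobal'                              # zone name from the example above
$UserRolesOU = 'OU=User Roles,OU=UNIX,DC=example,DC=com'   # placeholder DN, replace with yours
$MaxMembers  = 5                                           # hypothetical review threshold

# Stop early if the User Roles OU (step 3) does not exist.
try   { Get-ADOrganizationalUnit -Identity $UserRolesOU -ErrorAction Stop | Out-Null }
catch { throw "User Roles OU not found: $UserRolesOU" }

foreach ($Role in 'Listed', 'Login') {
    # Naming format from steps 4 and 6: ZoneName_Role_RoleName
    $GroupName = '{0}_Role_{1}' -f $ZoneName, $Role

    $Group = Get-ADGroup -Filter "SamAccountName -eq '$GroupName'"
    if (-not $Group) {
        # Assumption: Global scope / Security type, as in the New > Group dialog defaults.
        $Group = New-ADGroup -Name $GroupName -SamAccountName $GroupName `
            -GroupScope Global -GroupCategory Security -Path $UserRolesOU `
            -Description "Users for the $Role role in zone $ZoneName" -PassThru
        Write-Output "Created $($Group.DistinguishedName)"
    }
    elseif ($Group.DistinguishedName -notlike "*,$UserRolesOU") {
        # A same-named group elsewhere in the domain may be managed by someone else.
        Write-Warning "$GroupName exists outside the User Roles OU: $($Group.DistinguishedName)"
    }

    # Parent-zone roles apply to every UNIX computer, so list who holds them,
    # including users who arrive through nested groups.
    $Members = @(Get-ADGroupMember -Identity $Group -Recursive)
    Write-Output "$GroupName has $($Members.Count) effective member(s)"
    $Members | Select-Object SamAccountName, distinguishedName

    if ($Role -eq 'Login' -and $Members.Count -gt $MaxMembers) {
        Write-Warning "$GroupName exceeds $MaxMembers members; review who can log on everywhere."
    }
}
```

Running the script again after the groups exist creates nothing and only reports current membership, so it can double as a periodic review of the parent-zone role groups.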