Prepare

After you have analyzed the environment, you should prepare the Active Directory organizational units and groups to use. You can then install administrative consoles and prepare initial zones.

Here are the key steps involved:

  • Create organizational units or containers to define a scope of authority.

    For example, if you want to organize all of the UNIX-related information together for your organization, you can create one top-level container for the enterprise, such as Centrify UNIX. If you want to define the scope of authority at a regional or business unit level, you might have separate top-level containers for the different regions or business units, for example, UNIX NA-SA, UNIX EMEA, UNIX PACIFIC or UNIX-Federal, UNIX-Consumer, UNIX-Industrial.

    The deployment project team should consult with the Active Directory enterprise administrator to determine the appropriate top-level containers or organizational units and who should be responsible for managing and delegating administrative tasks for the objects in those top-level containers. For more information about creating organizational units or containers in Active Directory, see Designing organizational units for Centrify.

  • Create the appropriate Active Directory security groups for your organization.

    Groups can simplify permission management and the separation of duties security model. For more information about using groups, see Security groups to manage Centrify information.

  • Select at least one administrative Windows computer and install Centrify components Access Manager.

    This step is not strictly required if you only use existing processes or scripts to perform administrative tasks, but Centrify recommends you have at least one computer where you can use the graphical user interface to perform common tasks. If you are deploying the audit and monitoring service infrastructure, you should also install Audit Manager and Audit Analyzer. For more information about installing Centrify software on Windows, see Installing Authentication & Privilege Services.

  • Start the Centrify Access Manager console to run the Setup Wizard for the Active Directory domain.
  • Create a parent zone and the appropriate child zones as identified in your basic zone design.

    The hierarchical zone structure you use depends primarily on how you want to use inheritance and overrides. For more information about creating parent and child zones, see Creating the first zone.

  • Determine the target set of computers and make sure that they have the appropriate connectivity.