Adding security groups to zones

Adding an Active Directory group to a zone requires the following permissions:

For each target object listed below, apply the permissions that follow it.

Parent container object for the group

For example, if you are using classic zones, the ZoneName/Groups container:

domain/UNIX/Zones/acme/Groups

On the Object tab, select Allow to apply the following permission to this object only:

  • Create serviceConnectionPoint objects

Click the Properties tab and select Allow to apply the following properties to this object only:

  • Read objectClass

Note: You can grant the required permissions to specific users or groups by selecting the Add or remove groups task in the Zone Delegation Wizard.

Group account object in Active Directory

For example:

domain/UNIX/UNIX groups/group_name

Click the Properties tab and select Allow to apply the following properties to this object only:

  • Read groupType
  • Read objectCategory
  • Read objectClass
  • Read objectGUID
  • Read objectSid

Parent container object for the individual zone

For example, if you are adding a group to the Finance zone:

domain/UNIX/Zones/Finance

Click the Properties tab and select Allow to apply the following properties to this object only:

  • Read objectGUID
  • Write Description
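
The same delegation can be expressed as "this object only" ACEs with the Windows `dsacls` tool, which makes the least-privilege set easy to review and reapply. The following PowerShell is an added example, not code from the product documentation. The function name, the trustee and the distinguished names are hypothetical placeholders that you must replace with the DNs of your own zone, Groups container and group.

```powershell
# Added example (not vendor code): grants only the permissions listed on this page.
# dsacls rights used: CC = create child, RP = read property, WP = write property.
# /I:T applies the ACE to this object only, matching the "this object only" steps.
function Grant-ZoneGroupPermission {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Trustee,       # delegate, e.g. 'ACME\zone-group-admins' (constructed)
        [Parameter(Mandatory)][string]$ZoneGroupsDN,  # DN of the zone's Groups container
        [Parameter(Mandatory)][string]$GroupDN,       # DN of the Active Directory group account
        [Parameter(Mandatory)][string]$ZoneDN         # DN of the individual zone's container
    )

    # One entry per target object on this page, with its required ACEs.
    $required = @(
        @{ Dn = $ZoneGroupsDN; Aces = 'CC;serviceConnectionPoint', 'RP;objectClass' }
        @{ Dn = $GroupDN;      Aces = 'RP;groupType', 'RP;objectCategory', 'RP;objectClass',
                                      'RP;objectGUID', 'RP;objectSid' }
        @{ Dn = $ZoneDN;       Aces = 'RP;objectGUID', 'WP;description' }
    )

    foreach ($target in $required) {
        foreach ($ace in $target.Aces) {
            $grant = "${Trustee}:$ace"
            # -WhatIf prints each planned change without touching the directory.
            if ($PSCmdlet.ShouldProcess($target.Dn, "dsacls /I:T /G $grant")) {
                & dsacls.exe $target.Dn /I:T /G $grant | Out-Null
                if ($LASTEXITCODE -ne 0) {
                    Write-Warning "dsacls failed for '$grant' on '$($target.Dn)'"
                }
            }
        }
    }
}

# Dry run with constructed DNs; the real DNs depend on how your UNIX and Zones
# containers were created.
# Grant-ZoneGroupPermission -Trustee 'ACME\zone-group-admins' `
#     -ZoneGroupsDN 'CN=Groups,CN=Finance,CN=Zones,OU=UNIX,DC=acme,DC=example' `
#     -GroupDN 'CN=finance-users,OU=UNIX groups,OU=UNIX,DC=acme,DC=example' `
#     -ZoneDN 'CN=Finance,CN=Zones,OU=UNIX,DC=acme,DC=example' -WhatIf
```

Running `dsacls` with only a DN afterwards lists the resulting ACL, so you can confirm the trustee holds nothing beyond these entries.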