In a standard Centrify zone when the functional level of the forest is Windows Server 2003 or later, adding a user account with an Active Directory security group as the primary group to a zone requires the following permissions:
| Select this target object | To apply these permissions |
|
Parent container object for the user profile For example, if you use classic zones, the default Users container in the Finance zone: domain/UNIX/Zones/Finance/Users
|
On the Object tab, select Allow to apply the following permission to this object only:
This permission is required for both standard zones and RFC 2307‑compliant zones. For standard zones, you need to apply additional permissions. Click the Properties tab and select serviceConnectionPoint objects from the object list, then select Allow to apply the following properties to this object:
|
|
User account object in Active Directory For example: domain/Users/user_name |
Click the Properties tab and select Allow to apply the following properties to this object only:
|
|
Parent container object for the individual zone For example, if you are adding a user to the Finance zone: domain/UNIX/Zones/Finance
|
Click the Properties tab and select Allow to apply the following properties to this object only:
|
Doc Feedback