Modifying users in RFC 2307-compliant zones
In a standard RFC 2307-compliant zone, modifying user account properties for a user with an Active Directory security group as the primary group requires the following permissions:
Select this target object | To apply these permissions |
The serviceConnectionPoint object for the user account For example, if you are using classic zones and the UNIX user name is chris: domain/UNIX/Zones/Finance/Users/chris
then select serviceConnectionPoint objects |
Click the Properties tab and select Allow to apply the following properties to this object only:
If you don’t see some of these attributes listed for serviceConnectionPoint objects, change the object selected to posixAccount objects, then click Allow for the additional properties. The GECOS field in a user’s UNIX profile is derived from the displayName attribute or the Name property (cn). |
Note: You can grant the required permissions to specific users or groups for any zone by selecting the Modify users task in the Zone Delegation Wizard.