In a standard RFC 2307-compliant zone, modifying user account properties for a user with an Active Directory security group as the primary group requires the following permissions:
|Select this target object||To apply these permissions|
The serviceConnectionPoint object for the user account
For example, if you are using classic zones and the UNIX user name is chris:
Click the Properties tab and select Allow to apply the following properties to this object only:
If you don’t see some of these attributes listed for serviceConnectionPoint objects, change the object selected to posixAccount objects, then click Allow for the additional properties.
The GECOS field in a user’s UNIX profile is derived from the displayName attribute or the Name property (cn).
Note: You can grant the required permissions to specific users or groups for any zone by selecting the Modify users task in the Zone Delegation Wizard.