In a standard zone, modifying user account properties for a user with a standard Active Directory security group as the primary group requires the following permissions:
|Select this target object||To apply these permissions|
The serviceConnectionPoint object for the user account
For example, if you are using classic zones and the UNIX user name is chris:
Click the Properties tab and select Allow to apply the following properties to this object only:
If you are changing the UNIX user name for the user, you need the following additional permissions applied to this object:
Note The Name property is the common name (cn) of the serviceConnectionPoint object.
Note: You can set the permissions for modifying user accounts by clicking Permissions when you are viewing the Centrify Profile for a user.