Delegating control for UNIX data managers

The UnixDataManagers security group is intended for members of the UNIX administration team who are responsible for managing computer accounts. Add members to this security group to grant specific users the rights required to manage UNIX user and group objects in the UNIX Groups and Service Accounts organizational units in Active Directory.

You can delegate tasks to the UnixDataManagers group on the UNIX Groups and Service Accounts organizational units using Active Directory Users and Computers. You can delegate zone administration tasks to the group in Access Manager.

Delegating tasks for UNIX groups

In Active Directory Users and Computers, select the UNIX Groups organizational unit, right‑click, then select Delegate Control to start the Delegation of Control Wizard. Select the security group you are using for UNIX data managers and delegate the following tasks:

  • Create, delete, and manage groups
  • Modify the membership of a group

Delegating tasks for service accounts

In Active Directory Users and Computers, select the Service Accounts organizational unit, right‑click, then select Delegate Control to start the Delegation of Control Wizard. Select the security group you are using for UNIX data managers and delegate the following tasks:

  • Create, delete, and manage user accounts
  • Reset user passwords and force password change at next logon
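
After running the wizard on both organizational units, you can confirm that the group received only class-scoped rights. The following audit script is an added example, not part of the vendor documentation. The domain name and OU distinguished names are placeholders, and it assumes an ACE is in scope when its ObjectType or InheritedObjectType is the group class (UNIX Groups) or the user class (Service Accounts).

```powershell
# Added audit example, not vendor code. Domain name and OU paths are placeholders.
Import-Module ActiveDirectory

$group = 'EXAMPLE\UnixDataManagers'   # placeholder NetBIOS domain

# Schema GUID of the object class each OU delegation should be limited to.
$expectedClass = @{
    'OU=UNIX Groups,DC=example,DC=com'      = 'bf967a9c-0de6-11d0-a285-00aa003049e2'  # group class
    'OU=Service Accounts,DC=example,DC=com' = 'bf967aba-0de6-11d0-a285-00aa003049e2'  # user class
}

$report = foreach ($ou in $expectedClass.Keys) {
    $class = [guid]$expectedClass[$ou]

    # Read the OU's DACL through the AD: drive and keep only the group's ACEs.
    $aces = (Get-Acl -Path "AD:\$ou").Access |
        Where-Object { $_.IdentityReference.Value -eq $group }

    if (-not $aces) {
        [pscustomobject]@{ OU = $ou; Rights = '(none)'; Inherited = $null; Finding = 'No delegation found' }
        continue
    }

    foreach ($ace in $aces) {
        # In scope: create/delete of the class (ObjectType) or rights that
        # apply only to descendant objects of the class (InheritedObjectType).
        $scoped = ($ace.ObjectType -eq $class) -or ($ace.InheritedObjectType -eq $class)

        if ($ace.AccessControlType -ne 'Allow') {
            $finding = 'Deny ACE, review'
        } elseif (-not $scoped) {
            $finding = 'Broader than expected class'
        } elseif ($ace.IsInherited) {
            $finding = 'Inherited from parent, review'
        } else {
            $finding = 'OK'
        }

        [pscustomobject]@{
            OU        = $ou
            Rights    = $ace.ActiveDirectoryRights
            Inherited = $ace.IsInherited
            Finding   = $finding
        }
    }
}

$report | Format-Table -AutoSize -Wrap
```

A "Broader than expected class" row means the group holds a right on the OU that is not limited to group or user objects, which is more than the tasks listed above require.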

Delegating zone-specific tasks

As a member of the CentrifyAdministrators security group, you can also grant zone-specific permissions to the members of the UnixDataManagers group. After you have created the appropriate zones, you can delegate the following zone administration tasks to UNIX data managers:

  • Add users
  • Add groups
  • Remove users
  • Remove groups
  • Modify user profiles
  • Modify group profiles