Using Active Directory Users and Computers, scripts, or internal procedures, the basic workflow for a new user would be similar to this:
- A new Active Directory user requests access to UNIX computers.
- You add the user principal name to an Active Directory group principal. If you are adding the user to the parent zone, you add the user to the “users” provisioning group parentZoneName_Zone_Users.
  If you wanted to create the profile in a child zone instead of the parent zone, you would add the Active Directory user to the childZoneName_Zone_Users group. If you use some other naming convention for the provisioning group, you would search for and select that group.
- The Zone Provisioning Agent monitors this group and, at the next interval (or on demand), creates a UNIX profile for the user in the zone, based on the business rules you defined.
  Note: If you remove a user from the Active Directory provisioning group, the Zone Provisioning Agent removes the UNIX user profile from the zone.
- You notify the user that a new UNIX profile has been created with information about the login name and initial Active Directory password to use.
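The group-membership step above can be scripted. The following PowerShell is an added example, not part of the original documentation or the product: it uses the standard ActiveDirectory module, and the function name, its parameters, and the sample account `jdoe` are assumptions made for illustration.

```powershell
#Requires -Modules ActiveDirectory
# Added example. The function name, parameters and sample values are hypothetical.

function Add-UserToZoneProvisioningGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $ZoneName,
        # Default follows the <zoneName>_Zone_Users convention described above.
        # Pass -GroupName explicitly if you use another naming convention.
        [string] $GroupName = "${ZoneName}_Zone_Users"
    )

    # Stop on a missing user or group so a typo never fails silently.
    $user  = Get-ADUser  -Identity $SamAccountName -Properties MemberOf -ErrorAction Stop
    $group = Get-ADGroup -Identity $GroupName -ErrorAction Stop

    # Policy choice of this example: do not queue a UNIX profile
    # for an account that is disabled in Active Directory.
    if (-not $user.Enabled) {
        throw "Account '$SamAccountName' is disabled; not adding it to '$($group.Name)'."
    }

    # Direct membership check; nothing to do if the user is already in the group.
    if ($user.MemberOf -contains $group.DistinguishedName) {
        Write-Verbose "'$SamAccountName' is already a member of '$($group.Name)'."
        return
    }

    # Honors -WhatIf and -Confirm, so the change can be previewed first.
    if ($PSCmdlet.ShouldProcess($group.Name, "Add member $SamAccountName")) {
        Add-ADGroupMember -Identity $group -Members $user -ErrorAction Stop
        Write-Verbose "Added '$SamAccountName' to '$($group.Name)'."
    }
}

# Preview the change for a constructed sample account, then apply it:
# Add-UserToZoneProvisioningGroup -SamAccountName jdoe -ZoneName parentZoneName -WhatIf
# Add-UserToZoneProvisioningGroup -SamAccountName jdoe -ZoneName parentZoneName -Verbose
```

Because membership in this group both creates and removes UNIX profiles, restrict who can modify it and review changes to it the same way you would review direct grants of UNIX access.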