create_zone

Use the create_zone command to create a new zone in Active Directory. The command does not store the new zone in memory nor set it as the currently selected ADEdit zone. To manage the zone, you must select it using select_zone and then use zone commands.

This command can create different types of zones and the zones can use different types of schemas, depending on the schema you are using for Active Directory. Before the zone is created, however, ADEdit checks for a valid license.

The create_zone command first checks the ADEdit context for a valid license indicator for the forest. If an indicator is not found in the context, the command checks for a valid license as follows:

  • Bind to the global catalog (GC) domain controller, search the forest for the license container and validate the license.
  • Bind to the current domain, search for the license container and validate the license.

If the command finds a valid license, it stores an indicator in the current context and creates the new zone. If it does not find a valid license, create_zone reports “No valid license found” and exits. If the command fails, use the validate_license command to validate the license container explicitly.

Note: When this command creates a zone, the zone contains predefined roles such as “sftp” and “UNIX Login.” The zone does not, however, contain the role “Windows Login” because ADEdit does not support Windows rights.

Zone type

Classic and hierarchical

Syntax

create_zone [-ou] [-nonisserversgroup] [-notdelegateanyright] zone_type path [schema_type]

Abbreviation

cz

Options

This command takes the following options:

Option Description

-nonisserversgroup

Creates the new zone without the zone_nis_servers group.

-notdelegateanyright

Creates the new zone but does not set the zone permissions. If you use this option, be sure to set the zone permissions later.

-ou

Creates the new zone as an organizational unit object. If not present, the new zone is created as a container object.

Note that the parent container determines what type of object the zone can be. If the parent container is a generic container object, the zone must be a container object. If the parent container is an organizational unit object, the zone can be either an organizational unit object or a container object.

Arguments

This command takes the following arguments:

Argument Type Description

zone_type

string

Required. The possible values are:

  • tree specifies a hierarchical zone that can be a parent or child zone.
  • classic3 specifies a classic zone that is compatible with agent version 3 and later.
  • classic4 specifies a classic zone that is compatible with agent version 4 and later.
  • computer specifies a computer-level zone that consists of a single computer in a hierarchical zone. This zone type is used to support computer-level overrides for user and group profiles and role assignments. It is not applicable in classic zones.
  • classic-computer specifies a computer-level zone that consists of a single computer in a classic zone. This zone type is used to enable you to assign a role to a specific computer in classic zones. It is not applicable in hierarchical zones.

path

string

Required. Specifies a path to the new zone. The path consists of the new zone’s distinguished name (DN) and (if a computer override) the name of the computer.

schema_type

string

Optional. Specifies the type of schema to use for the new zone. The possible values are:

  • sfu specifies the Microsoft Services For UNIX schema. This setting can be used for tree, classic3, and classic4 zone types. If it’s used for a hierarchical zone, it can only be the root of the zone hierarchy.
  • std specifies the dynamic schema. This setting can be used for all zone types. This is the default schema unless ADEdit detects the RFC2307 schema.
  • rfc specifies the RFC2307 schema. This setting can be used for all zone types. This is the default schema if ADEdit detects that RFC2307 is installed and the domain is at Windows Server 2003 functional level.

If none of these values is present, the default is either std or rfc as described above.

Return value

This command returns no value if it runs successfully.

Examples

The following examples illustrate how to create a classic zone, hierarchical zone, and computer-specific zone in Centrify Server Suite 2012 and later.
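
An added example, not taken from the Centrify documentation: a Tcl pre-flight check that enforces the zone_type and schema_type rules listed under Arguments before running create_zone, and warns when -notdelegateanyright leaves the zone without permissions. The proc names build_create_zone and create_zone_checked and the example.com DNs are hypothetical; the code assumes ADEdit exposes create_zone as a global Tcl command and otherwise returns the command as a dry run.

```tcl
# Added example (not Centrify code). Rules come from the Options and
# Arguments sections of this page.
set ZONE_TYPES  {tree classic3 classic4 computer classic-computer}
set SFU_ALLOWED {tree classic3 classic4}   ;# sfu is limited to these types
set OPTIONS     {-ou -nonisserversgroup -notdelegateanyright}

# Build a validated create_zone command as a Tcl list (options go first).
proc build_create_zone {zone_type path {schema_type ""} {opts {}}} {
    global ZONE_TYPES SFU_ALLOWED OPTIONS
    if {$zone_type ni $ZONE_TYPES} {
        error "unknown zone_type '$zone_type'"
    }
    if {$schema_type ne "" && $schema_type ni {sfu std rfc}} {
        error "unknown schema_type '$schema_type'"
    }
    # Not checked here: sfu on a tree zone is only valid at the hierarchy root.
    if {$schema_type eq "sfu" && $zone_type ni $SFU_ALLOWED} {
        error "schema sfu cannot be used with zone_type '$zone_type'"
    }
    foreach o $opts {
        if {$o ni $OPTIONS} { error "unknown option '$o'" }
    }
    set cmd [list create_zone {*}$opts $zone_type $path]
    if {$schema_type ne ""} { lappend cmd $schema_type }
    return $cmd
}

# Run the command inside ADEdit; in plain tclsh, return it as a dry run.
proc create_zone_checked {zone_type path {schema_type ""} {opts {}}} {
    set cmd [build_create_zone $zone_type $path $schema_type $opts]
    if {"-notdelegateanyright" in $opts} {
        puts stderr "warning: zone permissions are not set; set them later"
    }
    # Assumption: create_zone is visible as a global command under ADEdit.
    if {[llength [info commands create_zone]] == 0} { return $cmd }
    if {[catch {{*}$cmd} msg]} {
        # Covers the "No valid license found" failure described above.
        error "create_zone failed: $msg"
    }
    return $cmd
}

# Constructed sample DNs; example.com is a placeholder domain.
puts [create_zone_checked classic4 "cn=legacy,cn=Zones,dc=example,dc=com" std]
puts [create_zone_checked tree "cn=global,cn=Zones,dc=example,dc=com" "" \
    {-notdelegateanyright}]
if {[catch {build_create_zone computer "cn=global,cn=Zones,dc=example,dc=com" sfu} err]} {
    puts "rejected: $err"
}
```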

Related commands

Before you use this command, you must bind to one or more Active Directory domains. The following command enables you to store a newly created zone in memory:

  • select_zone retrieves a zone from Active Directory and stores it in memory.

After you have created a new zone and stored it in memory, you can use the following commands to work with that zone:

  • delegate_zone_right delegates a zone use right to a specified user or computer.
  • delete_zone deletes the selected zone from Active Directory and memory.
  • get_child_zones returns a Tcl list of child zones, computer roles, or computer zones.
  • get_zone_field reads a field value from the currently selected zone.
  • get_zone_nss_vars returns the NSS substitution variable for the selected zone.
  • save_zone saves the selected zone with its current settings to Active Directory.
  • set_zone_field sets a field value in the currently selected zone.