manage_dz command to enable or disable authorization in classic zones. In classic zones, authorization-related features are disabled by default, and the authorization store that is required for managing rights, roles, and restricted environment is not available in Active Directory.
To enable authorization in classic zones using ADEdit, you can run the
manage_dz ‑on command. This command creates the authorization store if it does not exist, and sets the zone property that enables privilege elevation service features.
To disable authorization in a classic zone, you can run the
manage_dz –off command. Running this command disables authorization services. The command does not remove any existing authorization data from Active Directory.
This command takes the following options:
Enables authorization for the currently selected zone and creates the authorization data store if it not currently defined in Active Directory.
Disables authorization for the currently selected zone. This option does not remove any data from the authorization data store if it currently exists.
This command takes no arguments.
This command returns nothing if it runs successfully.
create_zone classic4 cn=c125,cn=zones,dc=ross,dc=net select_zone cn=c125,cn=zones,dc=ross,dc=net is_dz_enable 0 manage_dz -on is_dz_enable 1
This code example creates a zone, checks that authorization is disabled by default, then enables authorization for the zone.
The following command performs actions related to this command:
- is_dz_enabled checks whether authorization is currently enabled for a zone.