manage_dz
Use the manage_dz
command to enable or disable authorization in classic zones. In classic zones, authorization-related features are disabled by default, and the authorization store that is required for managing rights, roles, and restricted environment is not available in Active Directory.
To enable authorization in classic zones using ADEdit, you can run the manage_dz ‑on
command. This command creates the authorization store if it does not exist, and sets the zone property that enables privilege elevation service features.
To disable authorization in a classic zone, you can run the manage_dz –off
command. Running this command disables authorization services. The command does not remove any existing authorization data from Active Directory.
Zone type
Classic only
Syntax
manage_dz [-on|-off]
Abbreviation
mnz
Options
This command takes the following options:
Option | Description |
-on |
Enables authorization for the currently selected zone and creates the authorization data store if it not currently defined in Active Directory. |
-off |
Disables authorization for the currently selected zone. This option does not remove any data from the authorization data store if it currently exists. |
Arguments
This command takes no arguments.
Return value
This command returns nothing if it runs successfully.
Examples
create_zone classic4 cn=c125,cn=zones,dc=ross,dc=net select_zone cn=c125,cn=zones,dc=ross,dc=net is_dz_enable 0 manage_dz -on is_dz_enable 1
This code example creates a zone, checks that authorization is disabled by default, then enables authorization for the zone.
Related commands
The following command performs actions related to this command:
- is_dz_enabled checks whether authorization is currently enabled for a zone.