manage_dz

Use the manage_dz command to enable or disable authorization in classic zones. In classic zones, authorization-related features are disabled by default, and the authorization store that is required for managing rights, roles, and restricted environment is not available in Active Directory.

To enable authorization in classic zones using ADEdit, you can run the manage_dz ‑on command. This command creates the authorization store if it does not exist, and sets the zone property that enables privilege elevation service features.

To disable authorization in a classic zone, you can run the manage_dz –off command. Running this command disables authorization services. The command does not remove any existing authorization data from Active Directory.

Zone type

Classic only

Syntax

manage_dz [-on|-off]

Abbreviation

mnz

Options

This command takes the following options:

Option Description

-on

Enables authorization for the currently selected zone and creates the authorization data store if it not currently defined in Active Directory.

-off

Disables authorization for the currently selected zone. This option does not remove any data from the authorization data store if it currently exists.

Arguments

This command takes no arguments.

Return value

This command returns nothing if it runs successfully.

Examples

create_zone classic4 cn=c125,cn=zones,dc=ross,dc=net
select_zone cn=c125,cn=zones,dc=ross,dc=net
is_dz_enable
0
manage_dz -on
is_dz_enable
1

This code example creates a zone, checks that authorization is disabled by default, then enables authorization for the zone.

Related commands

The following command performs actions related to this command:

  • is_dz_enabled checks whether authorization is currently enabled for a zone.