Create child zones

This script creates two child zones in the domain and parent zone specified in the command line. The command line syntax is as follows:

>./CreateChildZones -d domain -z parentZone [-u adminName] [-p password]

where:

  • domain is the domain name
  • parentZone is the name of an existing zone
  • adminName is the name of an Active Directory user with administrator privileges on the domain controller
  • password is the administrator’s password. If you do not enter the password in the command line, your are prompted for it

The password is optional. If you do not type it in the command line, the script prompts you to enter it.

The script binds to the domain you specify using the user name and password you provide. The script then prompts you to enter the name of the organizational unit and container in which you store the zone information. After that, it prompts you to enter names for the two child zones. Note that this sample script assumes you are using the default deployment structure with the top-level organizational unit. If you are not using the default deployment structure, you should modify the sample script to reflect the structure you are using before testing its operation.

To confirm the script ran successfully, open Access Manager and expand the Child Zones node under the parent zone you specified in the command line. If the two new child zones are listed, you can right-click each zone name to see its zone properties.

CreateChildZones

#!/bin/env adedit
# This script creates 2 child zones in the domain and parent zone 
# specified in the command line.
#
package require ade_lib
proc usage {msg} {
	puts {usage: -d <domain> -z <parentZone> [-u <user>] [-p <password>]}
puts $msg
	exit 1
}
if {[getopt argv -d domain] == 0} {
	usage "Missing Domain, ex. demo.test"
}
if {[getopt argv -z parentZone] == 0} {
	usage "Missing parent zone, ex. HQ"
}
if {[getopt argv -u user] != 0} {
	if {[getopt argv -p password]} {
		bind $domain $user $password
		} else {
        bind $domain $user} 
	} else {
    puts "Enter administrator name"
	gets stdin user
	bind $domain $user
}
puts "
Enter the name of the container for the Centrify zone data"
gets stdin zoneContainer
puts "
Enter the organizational unit for the Centrify zone data"
gets stdin zoneContainerOU
# Define distinguished name for domain
set domaindn [dn_from_domain $domain]
puts "
Summary:"
puts 	"Domain is $domain. DN for the domain is $domaindn"
puts 	"The base OU is $zoneContainerOU."
puts 	"The container for the zone information is $zoneContainer
"
# Create child zones
puts "Enter child zone name"
gets stdin czone1
puts "
Enter another child zone name"
gets stdin czone2
create_zone tree "cn=$czone1,cn=$parentZone,cn=$zoneContainer,ou=$zoneContainerOU,$domaindn" std
create_zone tree "cn=$czone2,cn=$parentZone,cn=$zoneContainer,ou=$zoneContainerOU,$domaindn" std
# link the children to parent
select_zone "cn=$czone1,cn=$parentZone,cn=$zoneContainer,ou=$zoneContainerOU,$domaindn"
set_zone_field parent "cn=$parentZone,cn=$zoneContainer,ou=$zoneContainerOU,$domaindn"
save_zone
select_zone  "cn=$czone2,cn=$parentZone,cn=$zoneContainer,ou=$zoneContainerOU,$domaindn"
set_zone_field parent "cn=$parentZone,cn=$zoneContainer,ou=$zoneContainerOU,$domaindn"
save_zone
puts "
Child zones $czone1 and $czone2 created in $parentZone"