HierarchicalUser

The HierarchicalUser class manages the UNIX user profile information of an Active Directory user in a hierarchical zone.

Syntax

public interface IHierarchicalUser : IUserUnixProfile

Discussion

In hierarchical zones, both identity (profile data) and access (authorization data) are inherited, such that a user’s effective identity or access are determined by all the profile data and all the access data at all levels of the hierarchy.

Profile data can be defined at any level: parent, child, or computer. It is possible to define a partial profile at any level—that is, leave one or more of the NSS fields blank. Although a complete profile is required to have access to a machine, a profile in a child zone can complete the missing fields from the parent zone. In the case of conflict, profile definitions in a child zone override the definition in the parent zone and computer-level definitions override all zone-level definitions.

On the other hand, role assignments do not override each other. Rather, they accumulate, such that a user’s potential rights include all the rights granted by all the role assignments in the access tree. These are potential rights because rights granted to a user by a role assignment are effective only if the user has a complete profile defined for a zone.

In other words, when a computer joins a zone, the profile tree determines a pool of potential users, the access tree determines a different set of users with rights, and where the two intersect is the set of effective users.

See the WindowsUserclass for a user’s Windows profile.

Methods

The HierarchicalUser class provides the following methods:

This method Does this

AddUserRoleAssignment

Returns a new user role assignment.

Commit

Commits changes to the userUnixProfile object to Active Directory.

(Inherited from UserUnixProfile.)

Delete

Marks the UNIX user profile object for deletion from Active Directory.

(Inherited from UserUnixProfile.)

GetComputer

Returns the computer to which this user profile belongs.

GetDirectoryEntry

Returns the directory entry for a UNIX user profile from Active Directory.

(Inherited from UserUnixProfile.)

GetEffectiveUserRoleAssignments

Returns the effective user role assignments.

GetPrimaryGroup

Returns the UNIX profile of the primary group of the user.

(Inherited from UserUnixProfile.)

GetUserRoleAssignment

Returns a user role assignment for this UNIX user.

GetUserRoleAssignments

Returns all the user role assignments for this UNIX user.

InheritFromParent

Clears all property values so that all UNIX attributes for this user are inherited from the parent zone.

Refresh

Reloads the userUnixProfile object data from the data in Active Directory.

(Inherited from UserUnixProfile.)

ResolveEffectiveProfile

Resolves the effective profile to be used when the user logs on to the computer.

ResolveEffectiveRoles

Resolves the effective roles for this user.

Validate

Validates data in the userUnixProfile object before the changes are committed to Active Directory.

(Inherited from UserUnixProfile.)

Properties

The HierarchicalUser class provides the following properties:

This property Does this

ADsPath

Gets the LDAP path to the UNIX user profile.

(Inherited from UserUnixProfile.)

Cims

Gets the Cims data for the user profile.

(Inherited from UserUnixProfile.)

EffectiveGecos

Gets the contents of the effective GECOS field of the user profile.

EffectiveGecosZone

Gets the hierarchical zone of the effective GECOS.

EffectiveHomeDirectory

Gets the effective home directory of the user.

EffectiveHomeDirectoryZone

Gets the zone of the user’s home directory.

EffectiveIsUseAutoPrivateGroup

Indicates whether this user uses an auto private group (not applicable to local user profiles).

EffectiveName

Gets the user’s effective logon name.

EffectiveNameZone

Gets the zone of the user’s effective UNIX name.

EffectivePrimaryGroup

Gets the effective primary group GID of the user.

EffectivePrimaryGroupZone

Gets the zone of the primary group GID.

EffectiveProfileState

Gets the effective profile state of the local user (local user profiles only).

EffectiveProfileStateZone

Gets the zone which defines the effective profile state

EffectiveShell

Gets the effective logon shell of the user.

EffectiveShellZone

Gets the zone of the effective logon shell.

EffectiveUid

Gets the effective UID of the user.

EffectiveUidZone

Gets the zone of the user’s effective UID.

Gecos

Gets or sets the contents of the GECOS field explicitly set in the user profile of the current zone.

HomeDirectory

Gets or sets the home directory of the user.

(Inherited from UserUnixProfile.)

ID

Gets the unique identifier for the UNIX user profile.

(Inherited from UserUnixProfile.)

IsEffectiveGecosDefined

Indicates whether there is an effective GECOS for this user.

IsEffectiveHomeDirectoryDefined

Indicates whether there is an effective home directory defined for this user.

IsEffectiveNameDefined

Indicates whether there is an effective name for this user.

IsEffectivePrimaryGroupDefined

Indicates whether a primary group is defined for this user.

IsEffectiveProfileStateDefined

Indicates whether there is an effective profile state for this local user (local user profiles only).

IsEffectiveShellDefined

Indicates whether there is an effective shell defined for this user.

IsEffectiveUidDefined

Indicates whether the user has an effective UID.

IsEffectiveUseAutoPrivateGroupDefined

Indicates whether the auto private group flag is defined for this user (not applicable to local user profiles).

IsForeign

Indicates whether the UNIX profile for a user is in a different forest than its corresponding Active Directory user (not applicable to local user profiles).

(Inherited from UserUnixProfile.)

IsGecosDefined

Determines whether the GECOS is defined in this profile.

IsHomeDirectoryDefined

Determines whether the home directory is defined in this profile.

IsNameDefined

Determines whether a name is defined in this profile.

IsOrphan

Indicates whether this UNIX user profile is an orphan (not applicable to local user profiles).

(Inherited from UserUnixProfile.)

IsPrimaryGroupDefined

Determines whether there is a GID defined for this user in this zone.

IsProfileStateDefined

Gets or sets whether the profile state is defined in this local user profile (local user profiles only).

IsReadable

Determines whether the Active Directory object is readable.

(Inherited from UserUnixProfile.)

IsSecondary

Indicates whether this is a secondary profile (not applicable to local user profiles).

IsSFU

Indicates whether this user object uses the Microsoft Services for UNIX (SFU) schema extension (not applicable to local user profiles).

(Inherited from UserUnixProfile.)

IsShellDefined

Determines whether the shell is defined in this profile.

IsUidDefined

Determines whether the ID is defined in this profile.

IsUseAutoPrivateGroup

Determines whether this user uses auto private groups (not applicable to local user profiles).

IsUseAutoPrivateGroupDefined

Determines whether the auto private group flag is defined (not applicable to local user profiles).

IsWritable

Determines whether the Active Directory object is writable.

(Inherited from UserUnixProfile.)

Name

Gets or sets the user name of the UNIX user profile.

(Inherited from UserUnixProfile.)

PrimaryGroup

Gets or sets the GID of the user’s primary group.

(Inherited from UserUnixProfile.)

ProfileState

Gets or sets the profile state of a local user profile (local user profiles only).

(Inherited from UserUnixProfile)

Shell

Gets or sets the user’s default shell.

(Inherited from UserUnixProfile.)

Type

Gets the type of the UNIX user profile.

(Inherited from UserUnixProfile.)

UnixEnabled

Determines whether the UNIX information is enabled.

(Inherited from UserUnixProfile.)

User

Gets the user to whom this UNIX profile belongs (not applicable to local user profiles).

(Inherited from UserUnixProfile.)

UserId

Gets or sets the user identifier (UID) for the user profile.

(Inherited from UserUnixProfile.)

Zone

Gets the zone associated with the UNIX user

(inherited from UserUnixProfile)

Gets the zone to which this user profile belongs.