HierarchicalZone

The HierarchicalZone class represents a hierarchical zone.

Syntax

public interface IHierarchicalZone : IZone

Discussion

The HierarchicalZone class inherits many methods and properties from the Zone class, but adds support for partial profiles and inheritable roles. Under hierarchical zones, both identity (profile data) and access (authorization data) are inherited, so a user’s effective identity and access are determined by the profile data and access data at all levels of the hierarchy.

See HierarchicalUser for a discussion of profile and access inheritance.

Methods

The HierarchicalZone class provides the following methods:

This method Does this

AddAccessGroup

Adds an empty role assignment to a group

AddComputerRole

Creates a computer role under this zone.

AddGroupPartialProfile

Adds a partial profile for a specified group.

AddLocalGroupPartialProfile

Adds a partial profile for a specified local group.

AddLocalUserPartialProfile

Adds a partial profile for a specified local user.

AddMitUser

Adds an MIT Kerberos realm trusted user to this zone.

(Inherited from Zone.)

AddRoleAssignment

Adds an empty role assignment.

AddUserPartialProfile

Adds a partial profile for a specified user.

Commit

Commits changes to the group object to Active Directory.

(Inherited from Zone.)

CreateCommand

Creates a command right for the zone.

CreateImportPendingGroup

Creates a pending imported group in this zone.

(Inherited from Zone.)

CreateImportPendingUser

Creates a pending imported user in this zone.

(Inherited from Zone.)

CreateNetworkAccess

Creates a network application access right.

CreatePamAccess

Creates a PAM application access right.

CreateRole

Creates a role in the zone.

CreateSshRight

Creates an SSH application access right.

CreateWindowsApplication

Creates a Windows application access right.

CreateWindowsDesktop

Creates a Windows Desktop access right.

Delete

Marks the zone for deletion from Active Directory.

(Inherited from Zone.)

GeneratePredefinedRights

Generates predefined SSH and PAM rights in this zone.

GeneratePredefinedRoles

Generates predefined user roles in this zone.

GetAccessGroup

Returns a group assigned to this zone given a role for the group.

GetAccessGroups

Returns an enumeration of groups in the zone.

GetChildZones

Returns an enumeration of this zone’s child zones.

GetCommand

Returns the privileged command right with a specific name or GUID.

GetCommands

Returns an enumeration of all the privileged command rights in the zone.

GetComputerByDN

Returns the computer profile in the zone given the distinguished name of the profile.

(Inherited from Zone.)

GetComputerRole

Returns a specific computer role under this zone.

GetComputerRoles

Returns an enumeration of all the computer roles under this zone.

GetComputers

Returns an enumeration of all the computers in the zone.

(Inherited from Zone.)

GetComputersContainer

Returns the Active Directory object for the Computers node.

(Inherited from Zone.)

GetDirectoryEntry

Returns the Active Directory object for the zone.

(Inherited from Zone.)

GetDisplayName

Returns the display name of this zone.

(Inherited from Zone.)

GetEffectiveCommands

Returns all the command rights that can be assigned to users in the zone, including inherited rights.

GetEffectiveNetworkAccesses

Returns all the network access rights that can be assigned to users in the zone, including inherited rights.

GetEffectivePamAccesses

Returns all the PAM application access rights that can be assigned to users in the zone, including inherited rights.

GetEffectiveRoles

Returns all the user roles that can be assigned to users in the zone, including inherited roles.

GetEffectiveSshs

Returns all the SSH application access rights that can be assigned to users in the zone, including inherited rights.

GetEffectiveUserUnixProfiles

Returns an enumeration of effective users under this zone.

GetEffectiveWindowsApplications

Returns all the Windows application access rights that can be assigned to users in the zone, including rights inherited from zones higher in the hierarchy.

GetEffectiveWindowsDesktops

Returns all the Windows desktop access rights that can be assigned to users in the zone, including rights inherited from zones higher in the hierarchy.

GetEffectiveWindowsUsers

Returns all the Windows users in the zone, including users inherited from zones higher in the hierarchy.

GetLocalGroupsContainer

Returns the DirectoryEntry of the local groups container.

(Inherited from Zone.)

GetLocalGroupUnixProfile

Returns the local UNIX group profile for a specified group name in the zone.

(Inherited from Zone.)

GetLocalGroupUnixProfileByDN

Returns a local group profile using the distinguished name (DN) of the profile.

(Inherited from Zone.)

GetLocalGroupUnixProfileByGid (Int32)

Returns the local group profile using the Group Identifier (GID). This method is exposed to the COM interface.

(Inherited from Zone.)

GetLocalGroupUnixProfiles

Returns a list of the local group profiles in the zone.

(Inherited from Zone.)

GetLocalUsersContainer

Returns the directory entry of the local users container.

(Inherited from Zone.)

GetLocalUserUnixProfile

Returns the local user profile using the specified user name.

(Inherited from Zone.)

GetLocalUserUnixProfileByDN

Returns the local user profile specified by the distinguished name (DN) of the profile.

(Inherited from Zone.)

GetLocalUserUnixProfileByUid (Int32)

Returns the local user profile using the User Identifier (UID). This method is exposed to the COM interface.

(Inherited from Zone.)

GetLocalUserUnixProfiles

Returns a list of the local user profiles in the zone.

(Inherited from Zone.)

GetNetworkAccess

Returns the specified network access right.

GetNetworkAccesses

Returns all the network access rights that can be assigned to users in the zone.

GetGroupsContainer

Returns the Active Directory object for the Groups container.

(Inherited from Zone.)

GetGroupUnixProfile

Returns the UNIX group profile in this zone for the specified Active Directory group.

(Inherited from Zone.)

GetGroupUnixProfileByDN

Returns the UNIX group profile in this zone for the Active Directory group specified by distinguished name.

(Inherited from Zone.)

GetGroupUnixProfileByName

Returns the UNIX group profile in this zone for the Active Directory group specified by group name.

(Inherited from Zone.)

GetGroupUnixProfiles

Returns an enumeration of the UNIX groups in the zone.

(Inherited from Zone.)

GetImportPendingGroup

Returns the group with the specified ID pending import.

(Inherited from Zone.)

GetImportPendingGroups

Returns an enumeration of groups pending import to this zone.

(Inherited from Zone.)

GetImportPendingUser

Returns the user with the specified ID pending import.

(Inherited from Zone.)

GetImportPendingUsers

Returns an enumeration of users pending import to this zone.

(Inherited from Zone.)

GetNSSVariable

VBScript interface to access NSS variables.

GetNSSVariables

VBScript interface to obtain all NSS variable names.

GetPamAccess

Returns the PAM application access right with the specified name.

GetPamAccesses

Returns an enumeration of all the PAM application rights in the zone.

GetPrimaryUser

Returns the primary profile for the specified user.

GetRole

Returns the role with the specified name or GUID.

GetRoleAssignment

Returns the role assignment for the specified role and trustee.

GetRoleAssignmentById

Returns the role assignment for the specified GUID.

GetRoleAssignments

Returns an enumeration of all the role assignments in the zone.

GetRoleAssignmentToAllADUsers

Returns the role assignment given to all Active Directory users who have a specified role.

GetRoleAssignmentToAllUnixUsers

Returns the role assignment given to all UNIX users who have a specified role.

GetRoles

Returns an enumeration of all the roles in the zone.

GetSecondaryUsers

Returns an enumeration of the secondary profiles for the specified user.

GetSshRight

Returns the SSH application access right with the specified name.

GetSshRights

Returns an enumeration of all the SSH application rights in the zone.

GetSubTreeRoleAssignments

Returns all role assignments under this zone, including role assignments for computer roles and computers.

GetUserProfiles

Returns an enumeration of all the user profiles for the specified user.

GetUserRoleAssignments

Returns an enumeration of all the user role assignments in the zone.

GetWindowsApplication

Returns the specified Windows application right.

GetWindowsApplications

Returns all the Windows application rights in the zone.

GetWindowsComputers

Returns all the Windows computers in the zone.

GetWindowsDesktop

Returns the specified Windows desktop right.

GetWindowsDesktops

Returns all the Windows desktop rights in the zone.

GetUsersContainer

Returns the directory entry of the Users container.

(Inherited from Zone.)

GetUserUnixProfileByDN

Returns the UNIX user profile in this zone for the user specified by distinguished name.

(Inherited from Zone.)

GetUserUnixProfileByName

Returns the UNIX user profile in this zone for the user specified by user name.

(Inherited from Zone.)

GetUserUnixProfiles

Returns an enumeration of all the UNIX user profiles in the zone.

(Inherited from Zone.)

GroupUnixProfileExists

Indicates whether the group has a profile in this zone.

(Inherited from Zone.)

LocalGroupUnixProfileExists

Indicates whether a UNIX profile exists in the zone for the specified local group.

(Inherited from Zone.)

LocalUserUnixProfileExists

Indicates whether a UNIX profile exists in the zone for the specified local user.

(Inherited from Zone.)

PrecreateComputerZone

Adds a computer zone to a computer object in this zone.

Refresh

Refreshes the data in this object instance from the data stored in Active Directory.

(Inherited from Zone.)

SetNSSVariable

VBScript interface to set the values of NSS variables.

UserUnixProfileExists

Indicates whether the specified user has a profile in this zone.

(Inherited from Zone.)

Properties

The HierarchicalZone class provides the following properties:

This property Does this

AdsiInterface

Gets the IADs interface of the zone object in Active Directory.

(Inherited from Zone.)

ADsPath

Gets the LDAP path to the zone object.

(Inherited from Zone.)

AgentlessAttribute

Gets or sets the attribute used to store the password hash for an agentless client.

(Inherited from Zone.)

AvailableShells

Gets or sets an enumeration of available user login shells.

(Inherited from Zone.)

Cims

Gets the Cims object managing this zone.

(Inherited from Zone.)

DefaultGroup

Gets or sets the default group for new users.

(Inherited from Zone.)

DefaultHomeDirectory

Gets or sets the default login directory for new users.

(Inherited from Zone.)

DefaultShell

Gets or sets the default login shell for new users.

(Inherited from Zone.)

DefaultValueZone

Gets or sets the zone to use for default zone values.

(Inherited from Zone.)

Description

Gets or sets the description of the zone.

(Inherited from Zone.)

FullName

Gets or sets the full name of the zone.

(Inherited from Zone.)

GroupAutoProvisioningEnabled

Indicates whether auto-provisioning of group profiles is enabled for the zone.

(Inherited from Zone.)

GroupDefaultName

Gets or sets the default group name.

ID

Gets the unique identifier for the zone.

(Inherited from Zone.)

IsChild

Indicates whether this is a child zone.

IsGroupDefaultNameDefined

Indicates whether the group default name is defined.

IsHierarchical

Indicates whether this is a hierarchical zone.

(Inherited from Zone.)

IsNextGidDefined

Gets or sets whether the Next GID value is configured for this zone.

IsNextUidDefined

Gets or sets whether the Next UID value is configured for this zone.

IsReadable

Indicates whether this zone object in Active Directory is readable with the current user credentials.

(Inherited from Zone.)

IsSFU

Indicates whether the zone uses the Microsoft Services for UNIX (SFU) schema extension.

(Inherited from Zone.)

IsTruncateName

Indicates whether this is a TruncateName zone.

(Inherited from Zone.)

IsUseAutoPrivateGroupDefined

Determines whether the UseAutoPrivateGroup flag is defined.

IsUserDefaultGecosDefined

Determines whether the user default GECOS is defined in this profile.

IsUserDefaultHomeDirectoryDefined

Determines whether the user default home directory is defined in this profile.

IsUserDefaultNameDefined

Determines whether the user default name is defined in this profile.

IsUserDefaultPrimaryGroupDefined

Determines whether the user default primary group is defined in this profile.

IsUserDefaultRoleDefined

Determines whether the user default role is defined in this profile.

IsUserDefaultShellDefined

Determines whether the user default login shell is defined in this profile.

IsWritable

Indicates whether this zone object is writable using the provided credential.

(Inherited from Zone.)

Licenses

Gets or sets the license container for the zone.

(Inherited from Zone.)

MasterDomainController

Gets or sets the master domain controller for the zone.

(Inherited from Zone.)

MustMaintainADGroupMembership

Indicates whether Active Directory group membership must be maintained.

(Inherited from Zone.)

Name

Gets or sets the name of the zone.

(Inherited from Zone.)

NextAvailableGID

Gets or sets the next GID to be used when adding a group (32-bit for COM programs).

(Inherited from Zone.)

NextAvailableUID

Gets or sets the next UID to be used when adding a user (32-bit for COM programs).

(Inherited from Zone.)

NextGID

Gets or sets the next GID to be used when adding a group (64-bit for .NET modules).

(Inherited from Zone.)

NextUID

Gets or sets the next UID to be used when adding a user (64-bit for .NET modules).

(Inherited from Zone.)

NISDomain

Gets or sets the NIS domain associated with this SFU zone.

(Inherited from Zone.)

NssVariables

Gets the map of profile variables.

Parent

Gets or sets the parent of this zone.

ReservedGID

Gets or sets the list of GIDs not to be used when adding groups.

(Inherited from Zone.)

ReservedUID

Gets or sets the list of UIDs not to be used when adding users.

(Inherited from Zone.)

Schema

Gets the schema of the zone.

(Inherited from Zone.)

SFUDomain

Gets or sets the Active Directory domain associated with this SFU zone for retrieving SFU information.

(Inherited from Zone.)

UseAppleGid

Determines whether to use the Apple algorithm to automatically generate the GID when adding a group. The Apple algorithm is based on the globally unique identifier (GUID) for the object.

UseAppleUid

Determines whether to use the Apple algorithm to automatically generate the UID when adding a user. The Apple algorithm is based on the globally unique identifier (GUID) for the object.

UseAutoGid

Determines whether to use the Centrify algorithm to automatically generate the GID when adding a group. The Centrify algorithm is based on the security identifier (SID) for the object.

UseAutoPrivateGroup

Determines whether this zone defaults to using an auto private group when adding a zone user.

UseAutoUid

Determines whether to use the Centrify algorithm to automatically generate the UID when adding a user. The Centrify algorithm is based on the security identifier (SID) for the object.

UseNextGid

Determines whether to use the NextGID property when adding a group.

UseNextUid

Determines whether to use the NextUID property when adding a user.

UserAutoProvisioningEnabled

Indicates whether auto-provisioning of user profiles is enabled for the zone.

(Inherited from Zone.)

UserDefaultGecos

Gets or sets the default GECOS field for new user profiles.

UserDefaultGid

Gets or sets the user default GID when adding a new user profile.

UserDefaultName

Gets or sets the default user name for a new user profile.

UserDefaultPrimaryGroup

Gets or sets the user default GID for new user profiles; for use in VBScript scripts.

UserDefaultRole

Gets or sets the default role for a new user profile.

Version

Gets the version number of the data schema.

(Inherited from Zone.)