Adding users in a one-way trust environment

This chapter explains how to add a user in a one-way trust environment by using the Centrify Windows API.

To add a user in a one-way trust environment, follow these steps:

  1. Select an account in a domain that is in a one-way trust relationship with the remote forest so that the account has access to resources in both domains.

    For example, suppose the corporate domain is trusted by the remote domain, which is where you intend to add a user. Select an account in the domain that can access resources in the domain.

  2. Verify that the selected account has permission to modify a zone.

    You can use the zone delegation wizard to add this permission to the selected account. By default, if the user account is a member of the Domain Administrators group in, you have the necessary permissions.

  3. Use Cims.Connect() to connect to the domain to get the Cims object.
  4. Obtain an IADsUser object for the remote forest user that you will add to the zone.

    To obtain an IADsUser for using VBScript, for example, use the following code:

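    ' Bind to the user object through ADSI. The ADsPath has the form LDAP://<server>/<distinguished name>.
    Set u = GetObject("LDAP://COMPANY.CORP.NET/CN=UserName,CN=Users,DC=wonder,DC=land")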

    If you log in as a domain user from, you should have sufficient permission.

  5. Get the User object by passing the IADsUser object you obtained in the previous step to cims.GetUser(x).
  6. With the User object, you can use User.AddUnixProfile() to add the zone profile.