The zone object class is stored as a container object. The common name (cn) of the object must be set to the zone name. Most of the other attributes for a zone are stored as pseudo‑attributes using the Active Directory description attribute. The following table summarizes how zone attributes are stored in Active Directory for hierarchical Centrify zones.
| Zone attribute | Stored in Active Directory attribute | Inherited |
|
ZoneName |
cn:ZoneName For example: cn:global |
No |
|
Description |
description:description:value For example: description:description:Pilot-NA |
No |
|
AvailableShells |
description:availableshells:shell1:shell2 For example: description:availableshells:/bin/sh |
Yes |
|
DefaultShell |
description:defaultshell:value or description:defaultshell:%{shell} For example: description:defaultshell:/bin/bash |
Yes |
|
DefaultHomeDirectory |
description:defaulthome:value or description:defaulthome:%{home}/%{user} For example: description:defaulthome:/nfs/jsmith |
Yes |
|
UserDefaultGecos |
description:defaultgecos:${u:cn} For example: description:defaulttgecos:${u:upn} |
Yes |
|
customVariable |
description:%variablename:value One for each variable. For example: description:%admin:sAMAccountName |
Yes |
|
ReservedUids |
description:uidreserved:value This attribute can be a multi-valued list, using a colon as the separator. Values can be individual numbers or a range of numbers separated with a dash character (‑). For example: description:uidreserved:0-99:501 |
Yes |
|
ReservedGids |
description:gidreserved:value This attribute has the same format as the reserveduids attribute. For example: description:gidreserved:1000-2500 |
Yes |
|
UserDefaultUid |
description:defaultuid:value Set value to ${uidnext} to use the zone’s cram attribute uidnext. The cram attribute is where the key-value pairs ("name:value") are stored. Set value to ${autosid} to generate the UID from the domain SID and user RID. For example: description:defaultuid:${autosid} |
Yes |
|
DefaultGroup |
description:defaultgid:value Set value to -1 to use private groups. For example: description:defaultgid:12098 |
Yes |
|
UserDefaultName |
description:username:${u:sAMAccountName} |
Yes |
|
UserDefaultRole |
description:defaultrole:role-name |
Yes |
|
GroupDefaultGid |
description:defaultgroupgid:value Set value to ${gidnext} to use the zone’s cram attribute gidnext in classic zones. Set value to ${autosid} to generate the GID from the domain SID and group RID in hierarchical zones. For example: description:defaultgid:${autosid} |
Yes |
|
GroupDefaultName |
description:groupname:${g:CN} |
Yes |
|
NISDomain |
description:nisdomain:name |
Yes |
|
Schema |
description:schema:name Possible values are:
For example: description:Cchema:DC_GENERIC |
No |
|
AgentlessAttribute |
description:pwsync:attributeName For example: description:pwsync:msSFU30Password |
Yes |
|
Licenses |
description:license:guid |
Yes |
|
SFUDomain |
description:alternateDomain:domain.name This is a multi-value attribute. Multi-value attributes are possible because the keyword and value are combined, making each line of the description-keyword string unique. |
Yes |
|
Parent |
description:parentLink:MS-GUID@DOMAIN.NAME For example: samAccountName@domain.name[:N]: "joe@ajax.com" |
No |
|
objectType |
displayName=$CimsZoneVersionnumber where the zone version number can be:
|
No |
Doc Feedback