Assign Users to Manage UNIX Attributes in Directory Integrated Mode

This section applies to AD Bridge administrators that are working in an AD Bridge Directory Integrated - Default Cell mode environment.

In a Named Cell environment, you can use the Delegation of Control wizard accessible from the Cell Manager.

  1. In Active Directory Users and Computers, right-click the OU, and then select Properties.
  2. Select the Security tab.
  3. Click Advanced, and then click Add.
  4. Select Select a Principal.
  5. Select the user or group that you are delegating permissions to, and then click OK.
  6. From the Type menu, select Allow.
  7. From the Applies to menu, select the object type that the permissions will apply to.
  8. An image of the Permission Entry screen in Directory Inegrated Mode.

  9. Go through the list of properties and select the UNIX attributes:

For a list of the required properties, please see Provision User Accounts and Provision Group Accounts.

 

  1. Click OK.

Provision User Accounts

When provisioning UNIX user accounts, AD Bridge administrators must be able to manage the following RFC2307 attributes:

  • displayName
  • GECOS
  • gidNumber
  • loginShell
  • uidNumber
  • uid
  • unixHomedirectory

Provision Group Accounts

When provisioning UNIX groups, AD Bridge administrators must be able to manage the following RFC2307 attributes:

  • description
  • gidNumber
  • displayName. You must set the permission in adsiedit.msc.