Implementation Guide › Installing and Customizing a UNAB Host › How to Implement Full Integration Mode › Delegating UNIX Administrators the Privileges to Manage UNIX Users and Groups Attributes

Delegating UNIX Administrators the Privileges to Manage UNIX Users and Groups Attributes

For UNIX administrators to manage UNIX users and groups attributes in Active Directory, you can delegate specific management privileges over to UNIX administrators. Delegating the management privileges enables the UNIX administrators to continue managing the UNIX users and groups attributes after they are migrated to Active Directory.

Before you delegate the management privileges, verify that you installed a tool that lets you manage the UNIX attributes of Active Directory users. We recommend that you delegate management privileges to a group, rather than to individual users.

Example: Delegating UNIX administrators the privileges to manage UNIX users and groups attributes

The following example shows you how to delegate the privileges for managing UNIX users and groups in Active Directory to a group of UNIX administrators.

1. On the Active Directory computer, click Start, Programs, Administrative Tools, Active Directory Users and Computers.

   The Active Directory Users and Computers management console opens.

2. Right click the Organizational Unit (OU) and select Properties.

   The Organizational Unit properties window opens.

3. Select the Security tab.

   Note: If you do not see the Security tab, verify that the Advanced Features option, under the View tab, is highlighted.

4. Click Advanced, then click the Add button.

   The Select User, Computer or Group window opens.

5. Enter the name of the group or users to delegate management privileges to. Click OK.

   The Permission Entry window opens.

6. Click the Properties tab.

   You assign permissions to the group or users in this window.

7. From the Apply Onto menu, select Group Objects.
8. Select the Read gidNumber and Write gidNumber options from the Allow column.
9. Click OK.

   You have delegated management attributes over UNIX groups to the UNIX administrators group.

10. Repeat Steps 1-6 to delegate management privileges over UNIX users.
11. From the Apply Onto menu, select Users Objects.
12. Select the following attributes from the Allow column:
    • Read Gecos
    • Write Gecos
    • Read gidNumber
    • Write gidNumber
    • Read uid
    • Write uid
    • Read uidNumber
    • Write uidNumber
    • Read unixHomeDirectory
    • Write unixHomeDirectory
    • Read loginShell
    • Write LoginShell
13. Click OK.

    You have delegated management attributes over UNIX users to the UNIX administrators group.