Specify the Active Directory groups to include in the Auto Zone.
By default all Active Directory groups are included. When you specify one or more groups in this parameter, the groups specified are assigned a group ID on this computer.
Note: If an Active Directory user specified in "Specify AD users allowed in Auto Zone" is a member of a group and that group is NOT specified in "Specify AD groups allowed in Auto Zone", that group is ignored.
Groups listed under "Specify AD groups allowed in Auto Zone" can be domain local, global or universal groups. They must be security groups; distribution groups are not supported.
You can specify each group by name, or you can list the groups in a file. The group name can be specified in any of the following formats:
- SAM account name: sAMAccountName@domain.com (specify the domain if the group is not in the current domain)
- User Principal Name: email@example.com
- NTLM: DOMAIN+sAMAccountName
- Full DN: CN=commonName,...,DC=domain_component,DC=domain_component
- Canonical Name: domain.com/container/cn
If a name contains space characters, you can put the name in double quotes or escape the space characters using backslashes:
e.g. "Domain Admins", Domain\ Users
adclient writes any name that is not recognized to the Centrify DirectControl log file.
You can enter the list of groups separated by commas, for example:
centrify_groups, "Domain Admins", Domain\ Users, group1, firstname.lastname@example.org, DOMAIN+group3, CN=group4\,CN=Users\,DC=domain\,DC=com, domain.com/Users/group5
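Because adclient only logs names it does not recognize, it helps to check how a list splits before deploying the policy. The following is an added example, not Centrify code: `split_groups` and `classify` are hypothetical helpers, and the splitting rules are inferred from the sample list above rather than taken from adclient's own parser.

```python
# Added example, not Centrify code. Splitting rules are inferred from the
# sample list on this page; adclient's own parser may differ (assumption).

# The comma-separated sample from this page.
SAMPLE = (r'centrify_groups, "Domain Admins", Domain\ Users, group1, '
          r'firstname.lastname@example.org, DOMAIN+group3, '
          r'CN=group4\,CN=Users\,DC=domain\,DC=com, domain.com/Users/group5')


def split_groups(value):
    """Split on commas, honouring "double quotes" and backslash escapes."""
    names, buf, in_quotes, escaped = [], [], False, False
    for ch in value:
        if escaped:                 # char after a backslash is literal
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            names.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    if in_quotes or escaped:
        raise ValueError("unterminated quote or trailing backslash")
    names.append("".join(buf).strip())
    return [n for n in names if n]


def classify(name):
    """Guess which of the page's name formats a parsed entry uses."""
    upper = name.upper()
    if upper.startswith("CN=") and ",DC=" in upper:
        return "full-dn"
    if "/" in name:
        return "canonical"
    if "+" in name and "@" not in name:
        return "ntlm"
    if "@" in name:
        return "sam-or-upn"         # both are written name@domain on this page
    return "sam"                    # bare name, group in the current domain


if __name__ == "__main__":
    for entry in split_groups(SAMPLE):
        print(f"{classify(entry):<11} {entry}")
```

An entry that raises `ValueError` here (an unclosed quote or a trailing backslash) is worth fixing before it reaches the configuration file.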
You can also use a file to specify groups. In the file, enter each name line by line. You can mix name formats, for example:
This policy modifies the auto.schema.groups setting in the Centrify DirectControl configuration file.