Specify Groups of AD Users Allowed in Auto Zone

Specify the Active Directory users that are included in the Auto Zone by specifying the groups whose members should be included. By default, all Active Directory users are included in the Auto Zone. When you enable this policy, only the users listed for the Specify AD Users Allowed in Auto Zone policy and members of the listed groups (including members of nested groups under these groups and users whose primary group is set to one of these groups) are included in the Auto Zone.

You can manually enter each group name separated by a comma, or click List, then Add, to browse for groups to add. If you manually add groups, use one of the following formats:

  • SAM account name
  • NTLM: DOMAIN\sAMAccountName (also DOMAIN/sAMAccountName)
  • UPN or sAMAccountName@domain
  • Full DN: CN=commonName, …,DC=domain_component, DC=domain_component,…
  • Canonical Name: domain.com/container1/cn
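
A manually typed list is easy to get wrong, so the following added example (not part of the product or its documentation) classifies each entry of a comma-separated list against the five formats above and flags anything that matches none. The patterns and the way DN components are rejoined after splitting on commas are this checker's own heuristics, not the agent's parser, and all group names are constructed.

```python
import re

# Heuristic patterns for the five formats listed above (assumptions of this checker).
RDN = re.compile(r"^(CN|OU|DC)=.+", re.I)
PATTERNS = [
    ("dn",        re.compile(r"^CN=[^,]+(,(CN|OU)=[^,]+)*(,DC=[^,]+)+$", re.I)),
    ("ntlm",      re.compile(r"^[^\\/@=,.]+[\\/][^\\/@=,]+$")),
    ("canonical", re.compile(r"^[^\\/@=,]+\.[^\\/@=,]+(/[^\\/@=,]+)+$")),
    ("upn",       re.compile(r"^[^\\/@=,]+@[^\\/@=,]+$")),
    ("sam",       re.compile(r"^[^\\/@=,]+$")),
]

def split_entries(value):
    """Split on commas, rejoining the components of a full DN into one entry."""
    entries = []
    for piece in (p.strip() for p in value.split(",")):
        if not piece:
            continue
        prev = entries[-1] if entries else ""
        # A CN=/OU= piece after a DC= component starts a new DN, not a continuation.
        prev_has_dc = bool(re.search(r"(^|,)DC=", prev, re.I))
        starts_new_dn = piece.upper().startswith(("CN=", "OU=")) and prev_has_dc
        if RDN.match(piece) and RDN.match(prev) and not starts_new_dn:
            entries[-1] = prev + "," + piece
        else:
            entries.append(piece)
    return entries

def classify(entry):
    """Return the name of the first matching format, or 'unrecognized'."""
    for name, pattern in PATTERNS:
        if pattern.match(entry):
            return name
    return "unrecognized"

def lint(value):
    return [(entry, classify(entry)) for entry in split_entries(value)]

if __name__ == "__main__":
    # Constructed sample list; the last entry is a deliberate typo.
    sample = (r"unix-admins, CORP\dbas, ops@corp.example.com, "
              r"CN=web, OU=Groups, DC=corp, DC=example, DC=com, "
              r"corp.example.com/Groups/net, dbas@corp@example.com")
    for entry, kind in lint(sample):
        print(f"{kind:12} {entry}")
```

An entry reported as `unrecognized` should be corrected before the policy is applied, since enabling the policy restricts the Auto Zone to the users and groups that are actually listed.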

You can also specify the groups in a file.

Any groups listed may be domain local, global, or universal security groups. Distribution groups are not supported.

This policy does not include the group in Active Directory Auto Zone, just the users in that group. This means that the group is not automatically assigned a GID. Use the Specify AD Groups Allowed in Auto Zone group policy to include a group in the Auto Zone and assign it a GID.

Auto Zone does not support one-way trusts. Therefore, any users in the group who belong to a domain that has a one-way trust relationship to the joined domain do not become valid users on the computer.

This group policy modifies the auto.schema.allow.groups parameter in the agent configuration file.