create_zone
Use the create_zone command to create a new zone in Active Directory. The command does not store the new zone in memory nor set it as the currently selected ADEdit zone. To manage the zone, you must select it using select_zone and then use zone commands.
This command can create different types of zones and the zones can use different types of schemas, depending on the schema you are using for Active Directory. Before the zone is created, however, ADEdit checks for a valid license.
The create_zone command first checks the ADEdit context for a valid license indicator for the forest. If an indicator is not found in the context, the command checks for a valid license as follows:
- Bind to the global catalog (GC) domain controller, search the forest for the license container and validate the license.
- Bind to the current domain, search for the license container and validate the license.
If the command finds a valid license, it stores an indicator in the current context and creates the new zone. If it does not find a valid license, create_zone reports “No valid license found” and exits. If the command fails, use the validate_license command to validate the license container explicitly.
Zone Type
Classic and hierarchical
Syntax
create_zone [-ou] [-nonisserversgroup] [-notdelegateanyright] zone_type path [schema_type]
Abbreviation
cz
Options
This command takes the following options:
Option | Description |
---|---|
-nonisserversgroup | Creates the new zone without the zone_nis_servers group. |
-notdelegateanyright | Creates the new zone but does not set the zone permissions. If you use this option, be sure to set the zone permissions later. |
-ou | Creates the new zone as an organizational unit object. If not present, the new zone is created as a container object. Note that the parent container determines what type of object the zone can be. If the parent container is a generic container object, the zone must be a container object. If the parent container is an organizational unit object, the zone can be either an organizational unit object or a container object. |
Arguments
This command takes the following arguments:
Argument | Type | Description |
---|---|---|
zone_type | string | Required. The possible values are: tree specifies a hierarchical zone that can be a parent or child zone. classic3 specifies a classic zone that is compatible with agent version 3 and later. classic4 specifies a classic zone that is compatible with agent version 4 and later. computer specifies a computer-level zone that consists of a single computer in a hierarchical zone. This zone type is used to support computer-level overrides for user and group profiles and role assignments. It is not applicable in classic zones. classic-computer specifies a computer-level zone that consists of a single computer in a classic zone. This zone type is used to enable you to assign a role to a specific computer in classic zones. It is not applicable in hierarchical zones. |
path | string | Required. Specifies a path to the new zone. The path consists of the new zone’s distinguished name (DN) and (if a computer override) the name of the computer. |
schema_type | string | Optional. Specifies the type of schema to use for the new zone. The possible values are: sfu specifies the Microsoft Services For UNIX schema. This setting can be used for tree, classic3, and classic4 zone types. If it’s used for a hierarchical zone, it can only be the root of the zone hierarchy. std specifies the dynamic schema. This setting can be used for all zone types. This is the default schema unless ADEdit detects the RFC2307 schema. rfc specifies the RFC2307 schema. This setting can be used for all zone types. This is the default schema if ADEdit detects that RFC2307 is installed and the domain is at Windows Server 2003 functional level. If none of these values is present, the default is either std or rfc as described above. |
Return Value
This command returns no value if it runs successfully.
Examples
The following examples illustrate how to create a classic zone, hierarchical zone, and computer-specific zone in Server Suite 2012 and later.
Classic Zone
The following command creates a classic zone named finance in the Acme organizational unit in the acme.com domain that uses the dynamic schema (std):
create_zone classic4 "CN=finance,OU=Acme,DC=acme,DC=com" std
Hierarchical Zone
The following command creates a new hierarchical parent zone named finance in the Zones container in the Acme organizational unit in the acme.com domain:
create_zone tree "CN=finance,CN=Zones,OU=Acme,DC=acme,DC=com" std
To make the finance zone a child zone within a global zone already created in the same container, OU, and domain, you would next select finance to make it the currently selected zone, then use set_zone_field (szf) to specify the global zone as its parent, and then save finance. For example:
select_zone "CN=finance,CN=Zones,OU=Acme,DC=acme,DC=com"
szf parent "CN=global,CN=Zones,OU=Acme,DC=acme,DC=com"
save_zone
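The create, select, set parent, and save sequence above as a single ADEdit Tcl procedure with error handling and a read-back check. This is an added example, not part of the original documentation; the procedure name create_child_zone is hypothetical, and it assumes the session is already bound to the domain, that create_zone failures surface as Tcl errors that catch can trap, and that get_zone_field parent returns the parent zone's DN.

```tcl
# Added example (not from the ADEdit documentation).
# Assumptions: session already bound to acme.com; create_zone errors are
# trappable with catch; get_zone_field parent returns the parent's DN.

set parent_dn "CN=global,CN=Zones,OU=Acme,DC=acme,DC=com"
set child_dn  "CN=finance,CN=Zones,OU=Acme,DC=acme,DC=com"

# Hypothetical helper: create a hierarchical zone and link it to its parent.
proc create_child_zone {child_dn parent_dn {schema std}} {
    # create_zone writes the zone to Active Directory but neither selects it
    # nor loads it into memory.
    if {[catch {create_zone tree $child_dn $schema} err]} {
        if {[string match -nocase "*No valid license found*" $err]} {
            error "license check failed for $child_dn;\
                   run validate_license against the license container"
        }
        error "create_zone failed for $child_dn: $err"
    }

    # Load the new zone into memory and make it the selected zone.
    select_zone $child_dn

    # The parent field changes in memory only; save_zone writes it to AD.
    set_zone_field parent $parent_dn
    save_zone

    # Re-read the zone from AD and confirm the parent link was stored.
    select_zone $child_dn
    set stored [get_zone_field parent]
    if {![string equal -nocase $stored $parent_dn]} {
        error "parent mismatch on $child_dn:\
               expected $parent_dn, got '$stored'"
    }
    return $stored
}

if {[catch {create_child_zone $child_dn $parent_dn} result]} {
    puts stderr "zone provisioning failed: $result"
    exit 1
}
puts "finance is now a child of: $result"
```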
Computer-specific Zone
The following command creates a computer-specific zone for the computer svr1 in the apache zone, which is a child of the global zone, in the Zones container in the Acme organizational unit in the acme.com domain.
create_zone computer svr1.acme.com@CN=apache,CN=global,CN=Zones,OU=Acme,DC=acme,DC=com
Related Commands
Before you use this command, you must bind to one or more Active Directory domains. The following command enables you to store a newly created zone in memory:
- select_zone retrieves a zone from Active Directory and stores it in memory.
After you have created a new zone and stored it in memory, you can use the following commands to work with that zone:
- delegate_zone_right delegates a zone use right to a specified user or computer.
- delete_zone deletes the selected zone from Active Directory and memory.
- get_child_zones returns a Tcl list of child zones, computer roles, or computer zones.
- get_zone_field reads a field value from the currently selected zone.
- get_zone_nss_vars returns the NSS substitution variable for the selected zone.
- save_zone saves the selected zone with its current settings to Active Directory.
- set_zone_field sets a field value in the currently selected zone.