delegate_zone_right

Use the delegate_zone_right command to delegate an administrative right for the currently selected zone to a security principal (user or group). Zone rights allow a user or group to use and manage zone properties, including computer-specific zone properties and computer roles.

Zone Type

Classic and hierarchical

Syntax

delegate_zone_right right principal_upn

Abbreviation

None.

Options

This command takes no options.

Arguments

This command takes the following arguments:

Argument: right
Type: string
Description: Required. Specifies the right to delegate. Possible values:

  • add_computer_role: The right to add computer roles to the zone.
  • add_computer_zone: The right to add computer-specific zones.
  • add_group: The right to add groups to the zone.
  • add_nismap: The right to add NIS maps to the zone.
  • add_remove_nismap_entry: The right to add or remove NIS map entries.
  • add_user: The right to add users to the zone.
  • add_user_group_to_computer_zone: The right to add user and group overrides to the selected computer-specific zone.
  • change_user: The right to modify user profiles in the zone.
  • change_group: The right to modify group profiles in the zone.
  • change_computer: The right to modify computer profiles in the zone.
  • change_zone: The right to change zone properties.
  • delegate_permission_for_computer_zone: The right to delegate permissions to other users for computer-specific zones.
  • delete_computer: The right to remove computers from the zone.
  • delete_computer_role: The right to delete computer roles in the zone.
  • delete_computer_zone: The right to delete computer-specific zones.
  • delete_group: The right to remove groups from the zone.
  • delete_user: The right to remove users from the zone.
  • delete_user_group_from_computer_zone: The right to delete user and group overrides from the selected computer-specific zone.
  • delete_zone: The right to remove the zone.
  • enable_dz: The right to initialize authorization (privilege elevation service) data. This right is only applicable in classic zones.
  • import: The right to import users and groups into the zone.
  • join: The right to join computers to the zone.
  • manage_role_assignments: The right to modify the roles assigned in zones, computer-specific zones, and computer roles.
  • manage_roles_and_rights: The right to modify role definitions and access rights.
  • modify_computer_role: The right to modify computer role entries. This right is not applicable in classic zones.
  • modify_nismap_entry: The right to modify NIS map entries.
  • modify_user_group_in_computer_zone: The right to modify user and group overrides in the selected computer-specific zone.
  • nisservers: The right to allow computers to respond to NIS client requests.
  • remove_nismap: The right to remove NIS maps.

Argument: principal_upn
Type: string
Description: Required. Specifies the user principal name (UPN) of a user or group in Active Directory to delegate the specified right to.

Return Value

This command returns no value if it runs successfully.

Examples

delegate_zone_right add_user adam.avery@acme.com

This example delegates the right to add users to the currently selected zone to the Active Directory user Adam Avery.
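The following Tcl wrapper is an added example, not code from the original page or from the product. It checks a delegation request against the rights and zone-type restrictions listed under Arguments before calling delegate_zone_right. The helper name guarded_delegate, the zone_type and approved parameters, and the review_rights list (a local policy choice about which rights need sign-off) are assumptions.

```tcl
# Added example: a guard around delegate_zone_right (not the product's own code).
# Rights exactly as listed in the Arguments section of this page.
set documented_rights {
    add_computer_role add_computer_zone add_group add_nismap
    add_remove_nismap_entry add_user add_user_group_to_computer_zone
    change_user change_group change_computer change_zone
    delegate_permission_for_computer_zone delete_computer delete_computer_role
    delete_computer_zone delete_group delete_user
    delete_user_group_from_computer_zone delete_zone enable_dz import join
    manage_role_assignments manage_roles_and_rights modify_computer_role
    modify_nismap_entry modify_user_group_in_computer_zone nisservers
    remove_nismap
}
# Assumption: a local policy choice, not from the documentation.
set review_rights {
    change_zone delete_zone delegate_permission_for_computer_zone
    manage_role_assignments manage_roles_and_rights
}

# guarded_delegate is a hypothetical helper. zone_type ("classic" or
# "hierarchical") is supplied by the caller; approved must be 1 for review_rights.
proc guarded_delegate {right upn zone_type {approved 0}} {
    global documented_rights review_rights
    if {[lsearch -exact $documented_rights $right] < 0} {
        error "unknown right '$right'"
    }
    if {[lsearch -exact {classic hierarchical} $zone_type] < 0} {
        error "zone_type must be classic or hierarchical"
    }
    if {![regexp {^[^@\s]+@[^@\s]+$} $upn]} {
        error "principal must be a UPN (name@domain), got '$upn'"
    }
    if {$right eq "enable_dz" && $zone_type ne "classic"} {
        error "enable_dz is only applicable in classic zones"
    }
    if {$right eq "modify_computer_role" && $zone_type eq "classic"} {
        error "modify_computer_role is not applicable in classic zones"
    }
    if {[lsearch -exact $review_rights $right] >= 0 && !$approved} {
        error "'$right' needs explicit approval (approved=1)"
    }
    delegate_zone_right $right $upn
    return "delegated $right to $upn"
}

# Usage, with a zone already selected via select_zone;
# the call is skipped where delegate_zone_right is not available.
if {[llength [info commands delegate_zone_right]] > 0} {
    puts [guarded_delegate add_user adam.avery@acme.com hierarchical]
}
```

Because every failure raises a Tcl error before delegate_zone_right is reached, a batch script can wrap each call in catch and log rejected requests for review.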

Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select a zone to work with:

  • create_zone creates a new zone in Active Directory.
  • get_zones returns a Tcl list of all zones within a specified domain.
  • select_zone retrieves a zone from Active Directory and stores it in memory.

After you have a zone stored in memory, you can use the following commands to work with that zone:

  • delegate_zone_right delegates a zone use right to a specified user or computer.
  • delete_zone deletes the selected zone from Active Directory and memory.
  • get_child_zones returns a Tcl list of child zones, computer roles, or computer zones.
  • get_zone_field reads a field value from the currently selected zone.
  • get_zone_nss_vars returns the NSS substitution variable for the selected zone.
  • save_zone saves the selected zone with its current settings to Active Directory.
  • set_zone_field sets a field value in the currently selected zone.