Zone Attributes in Standard Hierarchical Zones
The zone object class is stored as a container object. The common name (cn) of the object must be set to the zone name. Most of the other attributes for a zone are stored as pseudoattributes using the Active Directory description attribute. The following table summarizes how zone attributes are stored in Active Directory for hierarchical Delinea zones.
| Zone attribute | Stored in Active Directory attribute | Inherited |
|---|---|---|
| ZoneName | cn:ZoneName<br>For example: cn:global | No |
| Description | description:description:value<br>For example: description:description:Pilot-NA | No |
| AvailableShells | description:availableshells:shell1:shell2<br>For example: description:availableshells:/bin/sh | Yes |
| DefaultShell | description:defaultshell:value or description:defaultshell:%{shell}<br>For example: description:defaultshell:/bin/bash | Yes |
| DefaultHomeDirectory | description:defaulthome:value or description:defaulthome:%{home}/%{user}<br>For example: description:defaulthome:/nfs/jsmith | Yes |
| UserDefaultGecos | description:defaultgecos:\${u:cn}<br>For example: description:defaultgecos:\${u:upn} | Yes |
| customVariable | description:%variablename:value<br>One for each variable.<br>For example: description:%admin:sAMAccountName | Yes |
| ReservedUids | description:uidreserved:value<br>This attribute can be a multi-valued list, using a colon as the separator. Values can be individual numbers or a range of numbers separated with a dash character (-).<br>For example: description:uidreserved:0-99:501 | Yes |
| ReservedGids | description:gidreserved:value<br>This attribute has the same format as the reserveduids attribute.<br>For example: description:gidreserved:1000-2500 | Yes |
| UserDefaultUid | description:defaultuid:value<br>Set value to \${uidnext} to use the zone's cram attribute uidnext. The cram attribute is where the key-value pairs ("name:value") are stored.<br>Set value to \${autosid} to generate the UID from the domain SID and user RID.<br>For example: description:defaultuid:\${autosid} | Yes |
| DefaultGroup | description:defaultgid:value<br>Set value to -1 to use private groups.<br>For example: description:defaultgid:12098 | Yes |
| UserDefaultName | description:username:\${u:sAMAccountName} | Yes |
| UserDefaultRole | description:defaultrole:role-name | Yes |
| GroupDefaultGid | description:defaultgroupgid:value<br>Set value to \${gidnext} to use the zone's cram attribute gidnext in classic zones.<br>Set value to \${autosid} to generate the GID from the domain SID and group RID in hierarchical zones.<br>For example: description:defaultgid:\${autosid} | Yes |
| GroupDefaultName | description:groupname:\${g:CN} | Yes |
| NISDomain | description:nisdomain:name | Yes |
| Schema | description:schema:name<br>Possible values are:<br>CDC_RFC_2307 (for a classic RFC 2307 zone)<br>CDC_GENERIC (for a classic Delinea zone)<br>SFU_3_0 (for a classic SFU-compliant R2 schema zone)<br>SFU_3_0V1 (for a classic SFU-compliant zone)<br>For example: description:schema:CDC_GENERIC | No |
| AgentlessAttribute | description:pwsync:attributeName<br>For example: description:pwsync:msSFU30Password | Yes |
| Licenses | description:license:guid | Yes |
| SFUDomain | description:alternateDomain:domain.name<br>This is a multi-value attribute. Multi-value attributes are possible because the keyword and value are combined, making each line of the description-keyword string unique. | Yes |
| Parent | description:parentLink:MS-GUID@DOMAIN.NAME<br>For example: samAccountName@domain.name[:N]: "joe@ajax.com" | No |
| objectType | displayName=\$CimsZoneVersionnumber<br>where the zone version number can be:<br>\$CimsUserVersion4 for a Delinea zone<br>\$CimsUserVersion5 for an RFC 2307 zone | No |
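When auditing zone objects exported from Active Directory, the pseudoattribute layout in the table can be parsed mechanically. The following is an added example, not Delinea code: it assumes each value of the description attribute holds the "keyword:value" part shown in the table, and the function names and sample values are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: values of one zone object's description attribute,
# assuming each value holds the "keyword:value" part shown in the table.
SAMPLE_DESCRIPTION = [
    "description:Pilot-NA",
    "availableshells:/bin/sh:/bin/bash",
    "defaulthome:%{home}/%{user}",
    "uidreserved:0-99:501",
    "gidreserved:1000-2500",
    "%admin:sAMAccountName",
    "alternateDomain:example.com",
    "alternateDomain:corp.example.com",
]

def parse_zone_description(values):
    """Map keyword -> list of values, splitting each string at its first colon."""
    attrs = defaultdict(list)
    for raw in values:
        keyword, sep, value = raw.partition(":")
        if not sep or not keyword:
            raise ValueError(f"not a keyword:value pseudoattribute: {raw!r}")
        attrs[keyword].append(value)  # repeated keywords (alternateDomain) accumulate
    return dict(attrs)

def custom_variables(attrs):
    """Return custom variables, stored under keywords that start with '%'."""
    return {k[1:]: v[-1] for k, v in attrs.items() if k.startswith("%")}

def parse_reserved(value):
    """Turn a reserved-ID list such as '0-99:501' into inclusive (low, high) pairs."""
    ranges = []
    for item in value.split(":"):
        low, dash, high = item.partition("-")
        start = int(low)                      # raises ValueError on malformed input
        end = int(high) if dash else start
        if start > end:
            raise ValueError(f"descending range: {item!r}")
        ranges.append((start, end))
    return ranges

def reserved_hits(attrs, keyword, candidates):
    """Return the candidate IDs that fall inside the zone's reserved ranges."""
    ranges = [r for v in attrs.get(keyword, []) for r in parse_reserved(v)]
    return [n for n in candidates if any(lo <= n <= hi for lo, hi in ranges)]

if __name__ == "__main__":
    zone = parse_zone_description(SAMPLE_DESCRIPTION)
    print(custom_variables(zone))
    print(reserved_hits(zone, "uidreserved", [0, 42, 100, 501, 1500]))
```

Splitting only at the first colon matters because values such as availableshells and uidreserved use the colon again as their own list separator.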