HierarchicalUser

The HierarchicalUser class manages the UNIX user profile information of an Active Directory user in a hierarchical zone.

Syntax

public interface IHierarchicalUser : IUserUnixProfile

Discussion

In hierarchical zones, both identity (profile data) and access (authorization data) are inherited, so a user's effective identity and access are determined by all the profile data and all the access data at all levels of the hierarchy.

Profile data can be defined at any level: parent, child, or computer. It is possible to define a partial profile at any level — that is, leave one or more of the NSS fields blank. Although a complete profile is required to have access to a machine, a profile in a child zone can complete the missing fields from the parent zone. In the case of conflict, profile definitions in a child zone override the definition in the parent zone and computer-level definitions override all zone-level definitions.

On the other hand, role assignments do not override each other. Rather, they accumulate, such that a user's potential rights include all the rights granted by all the role assignments in the access tree. These are potential rights because rights granted to a user by a role assignment are effective only if the user has a complete profile defined for a zone.

In other words, when a computer joins a zone, the profile tree determines a pool of potential users, the access tree determines a different set of users with rights, and where the two intersect is the set of effective users.
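The resolution rules above can be modelled in a few lines. This is an added example, not code from the Centrify SDK, and it makes no API calls. The field list, zone names, users and rights are constructed assumptions, and each resolved field is paired with the zone that defined it, as the Effective*/Effective*Zone properties are.

```python
# Model of the hierarchical-zone rules above; constructed data, no Centrify API calls.
# Assumption: the NSS fields are the six passwd-style attributes the page lists.
NSS_FIELDS = ("name", "uid", "primary_group", "gecos", "home", "shell")

def resolve_effective_profile(levels):
    """levels: [(zone, partial_profile)] ordered parent -> child -> computer.
    Returns {field: (value, defining_zone)}; later levels win per field."""
    effective = {}
    for zone, partial in levels:
        for field in NSS_FIELDS:
            value = partial.get(field)
            if value not in (None, ""):          # blank means "inherit"
                effective[field] = (value, zone)
    return effective

def missing_fields(effective):
    return [f for f in NSS_FIELDS if f not in effective]

def potential_rights(assignments, user):
    """Role assignments accumulate over every level; none overrides another."""
    return {r for _zone, who, rights in assignments if who == user for r in rights}

def effective_users(profiles, assignments):
    """Intersection of users with a complete profile and users with rights."""
    out = {}
    for user, levels in profiles.items():
        eff, rights = resolve_effective_profile(levels), potential_rights(assignments, user)
        if not missing_fields(eff) and rights:
            out[user] = rights
    return out

# Constructed sample hierarchy: parent zone -> child zone -> computer override.
PROFILES = {
    "alice": [("parent", {"name": "alice", "uid": 10001, "primary_group": 10001,
                          "gecos": "Alice A", "home": "/home/alice"}),
              ("child", {"shell": "/bin/bash", "home": "/export/alice"}),
              ("computer", {"shell": "/bin/sh"})],
    "bob":   [("parent", {"name": "bob", "gecos": "Bob B", "home": "/home/bob"}),
              ("child", {"shell": "/bin/bash", "primary_group": 10002})],   # no UID anywhere
    "carol": [("parent", {"name": "carol", "uid": 10003, "primary_group": 10003,
                          "gecos": "Carol C", "home": "/home/carol", "shell": "/bin/bash"})],
}
ASSIGNMENTS = [("parent", "alice", ["login"]), ("child", "alice", ["restart-httpd"]),
               ("child", "bob", ["login"])]                      # carol has no role

if __name__ == "__main__":
    for user, levels in PROFILES.items():
        eff = resolve_effective_profile(levels)
        print(user, "missing:", missing_fields(eff), "rights:", sorted(potential_rights(ASSIGNMENTS, user)))
    print("effective users:", effective_users(PROFILES, ASSIGNMENTS))
```

In this sample, bob holds a role assignment but never becomes an effective user because no level defines his UID, and carol has a complete profile but no rights. An access review has to check both trees for that reason.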

See the WindowsUser class for a user's Windows profile.

Methods

The HierarchicalUser class provides the following methods:

Method Description
AddUserRoleAssignment Returns a new user role assignment.
Commit Commits changes to the userUnixProfile object to Active Directory. (Inherited from UserUnixProfile.)
Delete Marks the UNIX user profile object for deletion from Active Directory. (Inherited from UserUnixProfile.)
GetComputer Returns the computer to which this user profile belongs.
GetDirectoryEntry Returns the directory entry for a UNIX user profile from Active Directory. (Inherited from UserUnixProfile.)
GetEffectiveUserRoleAssignments Returns the effective user role assignments.
GetPrimaryGroup Returns the UNIX profile of the primary group of the user. (Inherited from UserUnixProfile.)
GetUserRoleAssignment Returns a user role assignment for this UNIX user.
GetUserRoleAssignments Returns all the user role assignments for this UNIX user.
InheritFromParent Clears all property values so that all UNIX attributes for this user are inherited from the parent zone.
Refresh Reloads the userUnixProfile object data from the data in Active Directory. (Inherited from UserUnixProfile.)
ResolveEffectiveProfile Resolves the effective profile to be used when the user logs on to the computer.
ResolveEffectiveRoles Resolves the effective roles for this user.
Validate Validates data in the userUnixProfile object before the changes are committed to Active Directory. (Inherited from UserUnixProfile.)

Properties

The HierarchicalUser class provides the following properties:

Property Description
ADsPath Gets the LDAP path to the UNIX user profile. (Inherited from UserUnixProfile.)
Cims Gets the Cims data for the user profile. (Inherited from UserUnixProfile.)
EffectiveGecos Gets the contents of the effective GECOS field of the user profile.
EffectiveGecosZone Gets the hierarchical zone of the effective GECOS.
EffectiveHomeDirectory Gets the effective home directory of the user.
EffectiveHomeDirectoryZone Gets the zone of the user's home directory.
EffectiveIsUseAutoPrivateGroup Indicates whether this user uses an auto private group (not applicable to local user profiles).
EffectiveName Gets the user's effective logon name.
EffectiveNameZone Gets the zone of the user's effective UNIX name.
EffectivePrimaryGroup Gets the effective primary group GID of the user.
EffectivePrimaryGroupZone Gets the zone of the primary group GID.
EffectiveProfileState Gets the effective profile state of the local user (local user profiles only).
EffectiveProfileStateZone Gets the zone which defines the effective profile state.
EffectiveShell Gets the effective logon shell of the user.
EffectiveShellZone Gets the zone of the effective logon shell.
EffectiveUid Gets the effective UID of the user.
EffectiveUidZone Gets the zone of the user's effective UID.
Gecos Gets or sets the contents of the GECOS field explicitly set in the user profile of the current zone.
HomeDirectory Gets or sets the home directory of the user. (Inherited from UserUnixProfile.)
ID Gets the unique identifier for the UNIX user profile. (Inherited from UserUnixProfile.)
IsEffectiveGecosDefined Indicates whether there is an effective GECOS for this user.
IsEffectiveHomeDirectoryDefined Indicates whether there is an effective home directory defined for this user.
IsEffectiveNameDefined Indicates whether there is an effective name for this user.
IsEffectivePrimaryGroupDefined Indicates whether a primary group is defined for this user.
IsEffectiveProfileStateDefined Indicates whether there is an effective profile state for this local user (local user profiles only).
IsEffectiveShellDefined Indicates whether there is an effective shell defined for this user.
IsEffectiveUidDefined Indicates whether the user has an effective UID.
IsEffectiveUseAutoPrivateGroupDefined Indicates whether the auto private group flag is defined for this user (not applicable to local user profiles).
IsForeign Indicates whether the UNIX profile for a user is in a different forest than its corresponding Active Directory user (not applicable to local user profiles). (Inherited from UserUnixProfile.)
IsGecosDefined Determines whether the GECOS is defined in this profile.
IsHomeDirectoryDefined Determines whether the home directory is defined in this profile.
IsNameDefined Determines whether a name is defined in this profile.
IsOrphan Indicates whether this UNIX user profile is an orphan (not applicable to local user profiles). (Inherited from UserUnixProfile.)
IsPrimaryGroupDefined Determines whether there is a GID defined for this user in this zone.
IsProfileStateDefined Gets or sets whether the profile state is defined in this local user profile (local user profiles only).
IsReadable Determines whether the Active Directory object is readable. (Inherited from UserUnixProfile.)
IsSecondary Indicates whether this is a secondary profile (not applicable to local user profiles).
IsSFU Indicates whether this user object uses the Microsoft Services for UNIX (SFU) schema extension (not applicable to local user profiles). (Inherited from UserUnixProfile.)
IsShellDefined Determines whether the shell is defined in this profile.
IsUidDefined Determines whether the ID is defined in this profile.
IsUseAutoPrivateGroup Determines whether this user uses auto private groups (not applicable to local user profiles).
IsUseAutoPrivateGroupDefined Determines whether the auto private group flag is defined (not applicable to local user profiles).
IsWritable Determines whether the Active Directory object is writable. (Inherited from UserUnixProfile.)
Name Gets or sets the user name of the UNIX user profile. (Inherited from UserUnixProfile.)
PrimaryGroup Gets or sets the GID of the user's primary group. (Inherited from UserUnixProfile.)
ProfileState Gets or sets the profile state of a local user profile (local user profiles only). (Inherited from UserUnixProfile.)
Shell Gets or sets the user's default shell. (Inherited from UserUnixProfile.)
Type Gets the type of the UNIX user profile. (Inherited from UserUnixProfile.)
UnixEnabled Determines whether the UNIX information is enabled. (Inherited from UserUnixProfile.)
User Gets the user to whom this UNIX profile belongs (not applicable to local user profiles). (Inherited from UserUnixProfile.)
UserId Gets or sets the user identifier (UID) for the user profile. (Inherited from UserUnixProfile.)
Zone Gets the zone associated with the UNIX user (inherited from UserUnixProfile). Gets the zone to which this user profile belongs.