Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2986: How to use the "Map zone groups to local group" GP for Mac systems

Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:08 AM

Applies to: Centrify DirectControl for Mac OS X

 
Question:
 
How to configure the "Map zone groups to local group" GP from the following location?:
 
  Computer Configuration / Centrify Settings / Mac OS X Settings / Accounts / "Map zone groups to local group"

 
Answer:
 
Note: This information is also available on page 109 of the Centrify Admin Guide for Mac OS X:
 
 
Example local groups:
 
To allow AD users to manage printers, use this GP to map AD groups into the local groups _lpadmin and _lpoperator.


=== Auto Zone ===
 
Open Group Policy Management and edit the appropriate GPO:
  1. Enable the policy and select "Add"
  2. Enter the name of the local group from the Mac that the users will be added to. (E.g. _lpadmin)
  3. Select "Browse" to add the desired AD group
  4. Changes will take effect after the next group policy update
 
 
=== Zone Mode ===
 
Be certain to add the AD group into the desired Zone in Centrify DirectManage.
  1. Open Group Policy Management and edit the appropriate GPO:
  2. Enable the policy and select "Add"
  3. Enter the name of the local group from the Mac that the users will be added to.
  4. Enter the UNIX name of the Zone group the users are coming from and click OK. 
  5. Steps 1-3 can be repeated multiple times to map the Zone group to more than one local group.
  6. Changes will take effect after the next group policy update
  
 
 
 
Note: 
 
To map a group of AD users to the local administrator's group on a Mac, please see the following KB instead:
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.