Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-6036: What Are the Minimum Rights Needed to Precreate Computers?

Centrify DirectControl ,  

12 April,16 at 10:59 AM

Applies to: 

All versions of Centrify DirectControl on all platforms
 

Question:

What are the exact rights that are needed in Active Directory to a group or a user to be able to call precreate_computer() and to assign roles?

Answer:

To precreate computers:
 -  rights to create and delete computers is needed

For the zone: (container and ServiceConnectionPoint)
 - rights to create and delete child objects in the zone container are required

For Authorization
-  rights to create and delete the following child objects in the zone container are required:

  • msDS-AZApplication,
  • msDS-AZRole
  • msDS-AZTask
  • msDS-AZOperation

 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.