Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-8384: Best Practices When Reparenting a Zone

Authentication Service ,  

17 March,17 at 04:20 PM

Applies to:
All versions of Centrify DirectControl

A hierarchical zone can be moved in Access Manager either deliberately or by accident with a simple drag-and-drop motion of the mouse.  If a zone is moved unintentionally, it should be reparented to put it back into the proper hierarchical structure.  If the move is deliberate, it is best to relocate the zone container in Active Directory so the AD location does not give a misleading impression.

How can the zone be reparented to correct a drag-and-drop error, or moved in Active Directory to avoid the misleading impression?

To reparent the zone: Open Access Manager, browse to the zone (in this case test), <right> <click> and select Properties.  Locate the Parent zone information.
User-added image
The zone can be reparented by selecting the Browse button, and locating the correct parent zone and then picking Apply or OK
User-added image


If the zone was moved deliberately, it is best to move the AD zone container to the proper location in Active Directory Users and Computers (ADUC) so the output from adinfo and/or zone container location in ADUC, do not give a false impression regarding the zone parentage.  The zone container in ADUC is move by dragging and dropping per the image below.

In this example, the zone test, was originally a child zone of Global.  But it has been deliberately moved in Access Manager, so it is no longer a child zone.  The image shows how to move test  in ADUC so it is located outside of the Global zone.
User-added image
** In either case, when a change is made, either by reparenting or by moving the zone container in ADUC, the adclient needs to be stopped and restarted on all the computers contained in the zone.