Administrative access to NSS AD service components is controlled by the AD users and groups summarized in Table K-2.
Table K-2 Administrative Users and Groups
|
Administrative Group |
Associated Service |
Object Type |
Purpose |
|---|---|---|---|
|
Administrator |
Active Directory |
Admin user |
The Active directory administrator that has all rights to manage the Active Directory Domain |
|
Delegated Administrator |
Active Directory |
Admin user |
These administrators are usually responsible for administering within a specific OU. They might be assigned only enough rights to install servers or they might be assigned to specific roles. These are similar to eDirectory Container Administrators. |
|
Domain Admins |
NSS AD |
AD Group |
Members of this group in the domain the OES server has joined, have Supervisor rights on the AD-enabled volumes associated with those servers. A different group can be designated through the nitconfig utility or by manually editing the nitd.conf file. |
|
OESAccessGrp |
NSS AD |
AD Group |
Members of this group have rights to manage trustee assignments, file attributes, and so forth on AD-enabled NSS volumes as their trustee assignments allow. If the group doesn’t exist, all AD users with the required trustee assignments can perform management tasks on AD-enabled volumes. |