HierarchicalZone
The HierarchicalZone class represents a hierarchical zone.
Syntax
public interface IHierarchicalZone : IZone
Discussion
The HierarchicalZone class inherits many methods and properties from the Zone
class, but adds support for partial profiles and inheritable roles. Under
hierarchical zones, both identity (profile data) and access (authorization data)
are inherited, such that a user's effective identity or access are determined by
all the profile data and all the access data at all levels of the hierarchy.
See HierarchicalUser for a discussion of profile and access inheritance.
Methods
The HierarchicalZone class provides the following methods:
| Method | Description |
|---|---|
AddAccessGroup
|
Adds an empty role assignment to a group |
AddComputerRole
|
Creates a computer role under this zone. |
AddGroupPartialProfile
|
Adds a partial profile for a specified group. |
AddLocalGroupPartialProfile
|
Adds a partial profile for a specified local group. |
AddLocalUserPartialProfile
|
Adds a partial profile for a specified local user. |
AddMitUser
|
Adds an MIT Kerberos realm trusted user to this zone. (Inherited from Zone.) |
AddRoleAssignment
|
Adds an empty role assignment. |
AddUserPartialProfile
|
Adds a partial profile for a specified user. |
Commit
|
Commits changes to the group object to Active Directory. (Inherited from Zone.) |
CreateCommand
|
Creates a command right for the zone. |
CreateImportPendingGroup
|
Creates a pending imported group in this zone. (Inherited from Zone.) |
CreateImportPendingUser
|
Creates a pending imported user in this zone. (Inherited from Zone.) |
CreateNetworkAccess
|
Creates a network application access right. |
CreatePamAccess
|
Creates a PAM application access right. |
CreateRole
|
Creates a role in the zone. |
CreateSshRight
|
Creates an SSH application access right. |
CreateWindowsApplication
|
Creates a Windows application access right. |
CreateWindowsDesktop
|
Creates a Windows Desktop access right. |
Delete
|
Marks the zone for deletion from Active Directory. (Inherited from Zone.) |
GeneratePredefinedRights
|
Generates predefined SSH and PAM rights in this zone. |
GeneratePredefinedRoles
|
Generates predefined user roles in this zone. |
GetAccessGroup
|
Returns a group assigned to this zone given a role for the group. |
GetAccessGroups
|
Returns an enumeration of groups in the zone. |
GetChildZones
|
Returns an enumeration of this zone’s child zones. |
GetCommand
|
Returns the privileged command right with a specific name or GUID. |
GetCommands
|
Returns an enumeration of all the privileged command rights in the zone. |
GetComputerByDN
|
Returns the computer profile in the zone given the distinguished name of the profile. (Inherited from Zone.) |
GetComputerRole
|
Returns a specific computer role under this zone. |
GetComputerRoles
|
Returns an enumeration of all the computer roles under this zone. |
GetComputers
|
Returns an enumeration of all the computers in the zone. (Inherited from Zone.) |
GetComputersContainer
|
Returns the Active Directory object for the Computers node. (Inherited from Zone.) |
GetDirectoryEntry
|
Returns the Active Directory object for the zone. (Inherited from Zone.) |
GetDisplayName
|
Returns the display name of this zone. (Inherited from Zone.) |
GetEffectiveCommands
|
Returns all the command rights that can be assigned to users in the zone, including inherited rights. |
GetEffectiveNetworkAccesses
|
Returns all the network access rights that can be assigned to users in the zone, including inherited rights. |
GetEffectivePamAccesses
|
Returns all the PAM application access rights that can be assigned to users in the zone, including inherited rights. |
GetEffectiveRoles
|
Returns all the user roles that can be assigned to users in the zone, including inherited roles. |
GetEffectiveSshs
|
Returns all the SSH application access rights that can be assigned to users in the zone, including inherited rights. |
GetEffectiveUserUnixProfiles
|
Returns an enumeration of effective users under this zone. |
GetEffectiveWindowsApplications
|
Returns all the Windows application access rights that can be assigned to users in the zone, including rights inherited from zones higher in the hierarchy. |
GetEffectiveWindowsDesktops
|
Returns all the Windows desktop access rights that can be assigned to users in the zone, including rights inherited from zones higher in the hierarchy. |
GetEffectiveWindowsUsers
|
Returns all the Windows users in the zone, including users inherited from zones higher in the hierarchy. |
GetLocalGroupsContainer
|
Returns the DirectoryEntry of the local groups container. (Inherited from Zone.) |
GetLocalUserUnixProfile
|
Returns the local UNIX group profile for a specified group name in the zone. (Inherited from Zone.) |
GetLocalUserUnixProfileByDN
|
Returns a local group profile using the distinguished name (DN) of the profile. (Inherited from Zone.) |
GetLocalGroupUnixProfileByGid (Int32) |
Returns the local group profile using the Group Identifier (GID). This method is exposed to the .COM interface. (Inherited from Zone.) |
GetLocalGroupUnixProfiles
|
Returns a list of the local group profiles in the zone. (Inherited from Zone.) |
GetLocalUsersContainer
|
Returns the directory entry of the local users container. (Inherited from Zone.) |
GetLocalUserUnixProfile
|
Returns the local user profile using the specified user name. (Inherited from Zone.) |
GetLocalUserUnixProfileByDN
|
Returns the local user profile specified by the distinguished name (DN) of the profile. (Inherited from Zone.) |
GetLocalUserUnixProfileByUid (Int32) |
Returns the local user profile using the User Identifier (UID). This method is exposed to the .COM interface (Inherited from Zone.) |
GetLocalUserUnixProfiles
|
Returns a list of the local user profiles in the zone. (Inherited from Zone.) |
GetNetworkAccess
|
Returns the specified network access right. |
GetNetworkAccesses
|
Returns all the network access rights that can be assigned to users in the zone. |
GetGroupsContainer
|
Returns the Active Directory object for the Groups container. (Inherited from Zone.) |
GetGroupUnixProfile
|
Returns the UNIX group profile in this zone for the specified Active Directory group. (Inherited from Zone.) |
GetGroupUnixProfileByDN
|
Returns the UNIX group profile in this zone for the Active Directory group specified by distinguished name. (Inherited from Zone.) |
GetGroupUnixProfileByName
|
Returns the UNIX group profile in this zone for the Active Directory group specified by group name. (Inherited from Zone.) |
GetGroupUnixProfiles
|
Returns an enumeration of the UNIX groups in the zone. (Inherited from Zone.) |
GetImportPendingGroup
|
Returns the group with the specified ID pending import. (Inherited from Zone.) |
GetImportPendingGroups
|
Returns an enumeration of groups pending import to this zone. (Inherited from Zone.) |
GetImportPendingUser
|
Returns the user with the specified ID pending import. (Inherited from Zone.) |
GetImportPendingUsers
|
Returns an enumeration of users pending import to this zone. (Inherited from Zone.) |
GetNetworkAccess
|
VBScript interface to access NSS variables. |
GetNSSVariables
|
VBScript interface to obtain all NSS variable names. |
GetPamAccess
|
Returns the PAM application access right with the specified name. |
GetPamAccesses
|
Returns an enumeration of all the PAM application rights in the zone. |
GetPrimaryUser
|
Returns the primary profile for the specified user. |
GetRole
|
Returns the role with the specified name or GUID. |
GetRoleAssignment
|
Returns the role assignment for the specified role and trustee. |
GetRoleAssignmentById
|
Returns the role assignment for the specified GUID. |
GetRoleAssigments
|
Returns an enumeration of all the role assignments in the zone. |
GetRoleAssignmentToAllADUsers
|
Returns the role assignment given to all Active Directory users who have a specified role. |
GetRoleAssignmentToAllUnixUsers
|
Returns the role assignment given to all UNIX users who have a specified role. |
GetRoles
|
Returns an enumeration of all the roles in the zone. |
GetSecondaryUsers
|
Returns an enumeration of the secondary profiles for the specified user. |
GetSshRight
|
Returns the SSH application access right with the specified name. |
GetSshRights
|
Returns an enumeration of all the SSH application rights in the zone. |
GetSubTreeRoleAssignments
|
Returns all role assignments under this zone, including role assignments for computer roles and computers. |
GetUserProfiles
|
Returns an enumeration of all the user profiles for the specified user. |
GetUserRoleAssignments
|
Returns an enumeration of all the user role assignments in the zone. |
GetWindowsApplication
|
Returns the specified Windows application right. |
GetWindowsApplications
|
Returns all the Windows application rights in the zone. |
GetWindowsComputers
|
Returns all the Windows computers in the zone. |
GetWindowsDesktop
|
Returns the specified Windows desktop right. |
GetWindowsDesktops
|
Returns all the Windows desktop rights in the zone. |
GetUsersContainer
|
Returns the directory entry of the Users container. (Inherited from Zone.) |
GetUserUnixProfileByDN
|
Returns the UNIX user profile in this zone for the user specified by distinguished name. (Inherited from Zone.) |
GetUserUnixProfileByName
|
Returns the UNIX user profile in this zone for the user specified by user name. (Inherited from Zone.) |
GetUserUnixProfiles
|
Returns an enumeration of all the UNIX user profiles in the zone. (Inherited from Zone.) |
GroupUnixProfileExists
|
Indicates whether the group has a profile in this zone. (Inherited from Zone.) |
LocalGroupUnixProfileExists
|
Indicates whether a UNIX profile exists in the zone for the specified local group. (Inherited from Zone.) |
LocalUserUnixProfileExists
|
Indicates whether a UNIX profile exists in the zone for the specified local user. (Inherited from Zone.) |
PrecreateComputerZone
|
Adds a computer zone to a computer object in this zone. |
Refresh
|
Refreshes the data in this object instance from the data stored in Active Directory. (Inherited from Zone.) |
SetNSSVariable
|
VBScript interface to set the values of NSS variables. |
UserUnixProfileExists
|
Indicates whether the specified user has a profile in this zone. (Inherited from Zone.) |
Properties
The HierarchicalZone class provides the following properties:
| Property | Description |
|---|---|
AdsiInterface
|
Gets the IADs interface of the zone object in Active Directory. (Inherited from Zone.) |
ADsPath
|
Gets the LDAP path to the zone object. (Inherited from Zone.) |
AgentlessAttribute
|
Gets or sets the attribute used to store the password hash for an agentless client. (Inherited from Zone.) |
AvailableShells
|
Gets or sets an enumeration of available user login shells. (Inherited from Zone.) |
Cims
|
Gets the Cims object managing this zone. (Inherited from Zone.) |
DefaultGroup
|
Gets or sets the default group for new users. (Inherited from Zone.) |
DefaultHomeDirectory
|
Gets or sets the default login directory for new users. (Inherited from Zone.) |
DefaultShell
|
Gets or sets the default login shell for new users. (Inherited from Zone.) |
DefaultValueZone
|
Gets or sets the zone to use for default zone values. (Inherited from Zone.) |
Description
|
Gets or sets the description of the zone. (Inherited from Zone.) |
FulllName
|
Gets or sets the full name of the zone. (Inherited from Zone.) |
GroupAutoProvisioningEnabled
|
Indicates whether auto-provisioning of group profiles is enabled for the zone. (Inherited from Zone.) |
GroupDefaultName
|
Gets or sets the default group name. |
ID
|
Gets the unique identifier for the zone. (Inherited from Zone.) |
IsChild
|
Indicates whether this is a child zone. |
IsGroupDefaultNameDefined
|
Indicates whether the group default name is defined. |
IsHierarchical
|
Indicates whether this is a hierarchical zone. (Inherited from Zone.) |
IsNextGidDefined
|
Gets or sets whether Next GID value is configured for this zone. |
IsNextUidDefined
|
Gets or sets whether Next UID value is configured for this zone. |
IsReadable
|
Indicates whether this zone object in Active Directory is readable with the current user credentials. (Inherited from Zone.) |
IsSFU
|
Indicates whether the zone uses the Microsoft Services for UNIX (SFU) schema extension. (Inherited from Zone.) |
IsTruncateName
|
Indicates whether this is a TruncateName zone. (Inherited from Zone.) |
IsUseAutoPrivateGroupDefined
|
Determines whether the UseAutoPrivateGroup flag is defined. |
IsUserDefaultGecosDefined
|
Determines whether the user default GECOS is defined in this profile. |
IsUserDefaultHomeDirectoryDefined
|
Determines whether the user default home directory is defined in this profile. |
IsUserDefaultNameDefined
|
Determines whether the user default name is defined in this profile. |
IsUserDefaultPrimaryGroupDefined
|
Determines whether the user default primary group is defined in this profile. |
IsUserDefaultRoleDefined
|
Determines whether the user default role is defined in this profile. |
IsUserDefaultShellDefined
|
Determines whether the user default login shell is defined in this profile. |
IsWritable
|
Indicates whether this zone object is writable using the provided credential. (Inherited from Zone.) |
Licenses
|
Gets or sets the license container for the zone. (Inherited from Zone.) |
MasterDomainController
|
Gets or sets the master domain controller for the zone. (Inherited from Zone.) |
MustMaintainADGroupMembership
|
Indicates whether Active Directory group membership must be maintained. (Inherited from Zone.) |
Name
|
Gets or sets the name of the zone. (Inherited from Zone.) |
NextAvailableGID
|
Gets or sets the next GID to be used when adding a group (32-bit for COM programs). (Inherited from Zone.) |
NextAvailableUID
|
Gets or sets the next UID to be used when adding a user (32-bit for COM programs). (Inherited from Zone.) |
NextGID
|
Gets or sets the next GID to be used when adding a group (64-bit for .NET modules). (Inherited from Zone.) |
NextUID
|
Gets or sets the next UID to be used when adding a user (64-bit for .NET modules). (Inherited from Zone.) |
NISDomain
|
Gets or sets the NIS domain associated with this SFU zone. (Inherited from Zone.) |
NssVariables
|
Gets the map of profile variables. |
Parent
|
Gets or sets the parent of this zone. |
ReservedGID
|
Gets or sets the list of GIDs not to be used when adding groups. (Inherited from Zone.) |
ReservedUID
|
Gets or sets the list of UIDs not to be used when adding users. (Inherited from Zone.) |
Schema
|
Gets the schema of the zone. (Inherited from Zone.) |
SFUDomain
|
Gets or sets the Active Directory domain associated with this SFU zone for retrieving SFU information. (Inherited from Zone.) |
UseAppleGid
|
Determines whether to use the Apple algorithm to automatically generate the GID when adding a group. The Apple algorithm is based on the globally unique identifier (GUID) for the object. |
UseAppleUid
|
Determines whether to use the Apple algorithm to automatically generate the UID when adding a user. The Apple algorithm is based on the globally unique identifier (GUID) for the object. |
UseAutoGid
|
Determines whether to use the IBM Security algorithm to automatically generate the GID when adding a group. The IBM Security algorithm is based on the security identifier (SID) for the object. |
UseAutoPrivateGroup
|
Determines whether this zone defaults to use an auto private group when adding a zone user. |
UseAutoUid
|
Determines whether to use the IBM Security algorithm to automatically generate the UID when adding a user. The IBM Security algorithm is based on the security identifier (SID) for the object. |
UseNextGid
|
Determines whether to use the NextGID property when adding a group. |
UseNextUid
|
Determines whether to use the NextUID property when adding a user. |
UserAutoProvisioningEnabled
|
Indicates whether auto-provisioning of user profiles is enabled for the zone. (Inherited from Zone.) |
UserDefaultGecos
|
Gets or sets the default GECOS field for new user profiles. |
UserDefaultGid
|
Gets or sets the user default GID when adding a new user profile. |
UserDefaultName
|
Gets or sets the default user name for a new user profile. |
UserDefaultPrimaryGroup
|
Gets or sets the user default GID for new user profiles; for use in VBScript scripts. |
UserDefaultRole
|
Gets or sets the default role for a new user profile. |
Version
|
Gets the version number of the data schema. (Inherited from Zone.) |