I.2 Active Directory Administrative Users and Groups

Administrative access to NSS AD service components is controlled by the AD users and groups summarized in Table I-2.

Table I-2 Administrative Users and Groups

Administrative Group

Associated Service

Object Type

Purpose

Administrator

Active Directory

Admin user

The Active directory administrator that has all rights to manage the Active Directory Domain

Delegated Administrator

Active Directory

Admin user

These administrators are usually responsible for administering within a specific OU. They might be assigned only enough rights to install servers or they might be assigned to specific roles.

These are similar to eDirectory Container Administrators.

Domain Admins

NSS AD

AD Group

Members of this group in the domain the OES server has joined, have Supervisor rights on the AD-enabled volumes associated with those servers.

A different group can be designated through the nitconfig utility or by manually editing the nitd.conf file.

OESAccessGrp

NSS AD

AD Group

Members of this group have rights to manage trustee assignments, file attributes, and so forth on AD-enabled NSS volumes as their trustee assignments allow.

If the group doesn’t exist, all AD users with the required trustee assignments can perform management tasks on AD-enabled volumes.