Creating an advanced group map

  • Article

Applies To: Windows Server 2003 R2

To create an advanced group map from the Windows interface

  1. Open Microsoft Services for Network File System: click Start, point to Programs, point to Administrative Tools, and then click Microsoft Services for Network File System.

  2. If necessary, connect to the computer you want to manage.

  3. Expand User Name Mapping.

  4. Right-click Group Maps and select Create Map.

  5. In the Windows domain list, select the domain for which you want to list users, and then click List Windows Groups.

  6. If you are obtaining UNIX user information from a Network Information Service (NIS) domain, in the NIS Domain name box, type the name of the NIS domain from which you are getting account information. If the master server of the NIS domain is located on a different subnet than the User Name Mapping server, then in the NIS Server name box, type the name of the master server.

  7. Click List UNIX Groups.

  8. In the Windows Group and UNIX Group lists, click the two accounts you want to map to each other and click Add.

  9. To save the settings, click Apply.

Note

As you add maps, new maps are listed below existing maps. This does not reflect the order in which the maps are evaluated, however. To view the actual order, click Apply, press F5 to refresh the User Name Mapping page, and then reopen the list of advanced maps. Primary maps are always listed and evaluated first, followed by secondary maps. To change the order in which maps are evaluated within the list of secondary maps, select a map and then click Move up or Move down to reposition the map within the list.

To create an advanced group map from the command line

  1. Open the command prompt.

  2. At the command prompt, to supply required information for authentication using password and group files, type:

    mapadmin [ComputerName] [–uUser**] [–pPassword] add –wgWindowsGroup–ugUnixGroup[–setprimary]**

    Argument Description

    ComputerName

    The name of the computer you want to manage.

    User

    The name of the user who has administrative credentials on the computer, if different from the current user.

    Password

    The password for the person who has administrative credentials on the computer, if different from the current user.

    WindowsGroup

    The name of the Windows group.

    UnixGroup

    The name of the UNIX group.

    –setprimary

    Make this the primary mapping.

    Note

    The command-line method maps one pair of groups at a time. To map more groups, repeat the command. When you use mapadmin to create multiple maps for a UNIX user, use the –setprimary option to specify the primary map. If necessary, you can use the mapadmin setprimary command later to change the primary map. Maps cannot be evaluated in the order in which they are created. Primary maps are always evaluated before secondary maps. To view the complete syntax for this command, at a command prompt, type: mapadmin /?