It is possible to authenticate AIX-users to the Windows 2003 Active Directory.
But is it also possible to do full useradministration in the ADS without also adding users to the local AIX-server?
I have the following working:
- Add user to the ADS
- Add user to AIX with 'mkuser registry=KRB5Afiles SYSTEM=KRB5Afiles <username>'
- Now the password for <username> is being checked against the ADS
But I want the full useradministration in the ADS (username, password, primary group, other groups, which shell to start) without adding the user to the local AIX server. Is that possible?