Example of Using NIS Clients with DirectControl Agents

An organization has an existing NIS environment, and wants to do authentication with Active Directory and keep standard NIS maps and custom maps used by an in-house application on NIS. A simple approach is to install the Agents on the NIS clients for authentication to Active Directory and use the DirectControl Network Information Service to serve the maps. The following steps can be performed:

  1. Create a DirectControl Zone in Active Directory with the same name as the NIS domain.
  2. Install the Centrify DirectControl Agent on all NIS client machines.
  3. Join each NIS client machine to Active Directory and add them to the DirectControl Zone.
  4. Import all the users and groups into Active Directory using the DirectControl Administrator Console.
  5. Import all NIS maps into the Active Directory using the DirectControl Administrator Console.
  6. Schedule down time, and stop the legacy NIS servers.
  7. Install the DirectControl Agent on the NIS servers.
  8. Join the NIS servers to the Active Directory domain and add them to the DirectControl Zone.
  9. Install and start the DirectControl Network Information Service (adnisd) on the NIS servers.

All users will use their Active Directory credentials to authenticate to Active Directory, but get maps from the DirectControl Network Information Service via normal NIS requests. All user accounts are managed in Active Directory.

Examples of Migrating Users Gradually