- Trustees Users or groups that have permissions to administer users, groups, computers, or other directory objects.
- Permissions and Roles Permissions are grouped in Access Templates (roles) to define how a Trustee can manage directory objects.
- Managed Units Collections of directory objects delegated to Trustees for administration.
The directory administrator defines which users or groups are designated as Trustees, which roles and permissions are assigned to Trustees, and what objects are included in Managed Units.
Managed Units are used to determine the directory objects that a Trustee can administer. As a Trustee, you can administer Managed Units for which you have assigned permissions. Managed Units containing objects you are authorized to administer are displayed under Managed Units in the console tree.
When you select a Managed Unit in the console tree, the details pane displays a list of objects included in that Managed Unit. To administer objects, select them from the list and use the commands on the Action menu.
If a Managed Unit includes a container, such as an Organizational Unit, the container is displayed under the Managed Unit in the console tree. When you select a container in the console tree, the details pane lists all child objects and sub-containers held in that container.