This scenario describes how to configure a policy that prevents creation of universal groups. With this policy, the Active Roles console or Web Interface does not allow an administrator to create a new universal group or convert an existing group to a universal group.
To implement this scenario, you must perform the following actions:
- Prepare the script that implements this scenario.
- Create and configure the Policy Object to run that script.
- Apply the Policy Object to a domain, OU, or Managed Unit.
As a result, the Active Roles console or Web Interface cannot be used to set the universal group scope option when creating a new group or changing an existing group in the container you selected in Step 3. For example, if you choose the Universal option under Group scope and then click Next in the New Object - Group wizard, the Active Roles console presents you with an error message stating that creation of universal groups is not allowed.
The following sections elaborate on the steps to implement this scenario.