Creating default registry policy associations

 

You want to have all your Microsoft® Active Directory users on the Windows® 2000 server map to the user profile, SYSUSERA, on System A and to the user profile, SYSUSERB, on System B.

Fortunately, you can use policy associations to create mappings directly between a group of users and a single target user identity. In this case, you can create a default registry policy association that maps all the user identities (for which no identifier associations exist) in the MYCO.COM Kerberos registry to a single i5/OS® user profile on System A.

You need two policy associations to accomplish this goal. Each policy association uses the MYCO.COM user registry definition as the source of the association. However, each policy association maps user identities in this registry to different target user identities, depending on which System i™ model the Kerberos user accesses:

Use the information from your planning worksheets to create two default registry policy associations.

Before you can use policy associations, however, first ensure that you enable the domain to use policy associations for mapping lookup operations. You can do this as part of the process for creating your policy associations, as follows:

  1. In iSeries™ Navigator, expand System A > Network > Enterprise Identity Mapping > Domain Management.

  2. Right-click MyCoEimDomain, and select Mapping policy....

  3. On the General page, select Enable mapping lookups using policy associations for domain MyCoEimDomain.

Follow these steps to create the default registry policy association for the users to map to the SYSUSERA user profile on System A:

  1. On the Registry page, click Add.

  2. In the Add Default Registry Policy Association dialog, specify or Browse... to select the following information, and click OK:

    • Source registry: MYCO.COM

    • Target registry: SYSTEMA.MYCO.COM

    • Target user: SYSUSERA

  3. Click OK to close the Mapping Policy dialog.

Follow these steps to create the default registry policy association for the users to map to the SYSUSERB user profile on System B:

  4. On the Registry page, click Add.

  5. In the Add Default Registry Policy Association dialog, specify or Browse... to select the following information, and click OK:

    • Source registry: MYCO.COM

    • Target registry: SYSTEMB.MYCO.COM

    • Target user: SYSUSERB

  6. Click OK to close the Mapping Policy dialog.

Now that you have created the default registry policy associations, you can enable the registries to participate in lookup operations and to use the policy associations.
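The following added example (not IBM code and not the EIM API) is a simplified Python model of the lookup precedence described above: an identifier association wins, and a default registry policy association applies only when none exists and policy lookups are enabled for the domain. The class and function names and the users alice, bob and carol are constructed for illustration.

```python
# Simplified model of an EIM mapping lookup (illustrative; not the IBM EIM API).
from dataclasses import dataclass, field


@dataclass
class EimDomain:
    policy_lookups_enabled: bool = False
    # (source registry, source user) -> EIM identifier
    source_assocs: dict = field(default_factory=dict)
    # (EIM identifier, target registry) -> target user
    target_assocs: dict = field(default_factory=dict)
    # (source registry, target registry) -> target user
    default_registry_policies: dict = field(default_factory=dict)

    def lookup(self, source_registry, source_user, target_registry):
        """Return (target user, how it was resolved) or (None, 'no mapping')."""
        ident = self.source_assocs.get((source_registry, source_user))
        target = self.target_assocs.get((ident, target_registry))
        if target is not None:
            return target, "identifier association"
        if self.policy_lookups_enabled:
            key = (source_registry, target_registry)
            target = self.default_registry_policies.get(key)
            if target is not None:
                return target, "default registry policy"
        return None, "no mapping"


def build_domain():
    """Domain holding the two policy associations created in this topic."""
    d = EimDomain()
    d.default_registry_policies[("MYCO.COM", "SYSTEMA.MYCO.COM")] = "SYSUSERA"
    d.default_registry_policies[("MYCO.COM", "SYSTEMB.MYCO.COM")] = "SYSUSERB"
    # Constructed sample: one user who has her own identifier associations.
    d.source_assocs[("MYCO.COM", "alice")] = "Alice Example"
    d.target_assocs[("Alice Example", "SYSTEMA.MYCO.COM")] = "ALICEA"
    return d


def shared_profile_users(domain, users, source_registry, target_registry):
    """List users who resolve through the default policy to one shared profile."""
    return [u for u in users
            if domain.lookup(source_registry, u, target_registry)[1]
            == "default registry policy"]
```

Every user returned by `shared_profile_users` runs under the same target profile, so audit records on the target system alone do not distinguish between them.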

 
