Change NWS User Attributes (CHGNWSUSRA)

The Change Network Server User Attributes (CHGNWSUSRA) command is used to change network server attributes for a user or group profile that operates in a networking environment. This command can be used to do the following:

  1. Set network server attributes for a specific user or group profile.
  2. For Windows networks, the network server attributes can be set so that a user or group profile will be enrolled into one or more Windows domains or local servers. When enrolling into a Windows local server, the server must be associated with a locally attached Integrated xSeries Server. Where the profile is enrolled depends on the values specified by the WNTDMNLST and WNTLCLSVRL parameters.

    When a user is enrolled, a matching Windows user identity is created in the Windows domain or on the Windows local server.

    When a group profile is enrolled into a Windows domain or local server, a matching Windows group is created in the domain or local server. All user profiles that are defined in the group are enrolled into the domain or local server and added to the Windows groups that are currently defined by the user account template.

Network server user attributes are saved by the Save System (SAVSYS) and Save Security Data (SAVSECDTA) commands. Network server user attributes are restored to the system when the user profile is restored. The Restore User Profiles (RSTUSRPRF) command can be used to restore user profiles and the network server user attributes associated with them.

Restrictions:

  1. Only a user with *OBJMGT and *USE authorities to the user profile being changed can specify this command.
  2. To make changes to the WNTDMNLST or WNTLCLSVRL parameters, a user must have *SECADM special authority.
  3. The Windows domain and server names specified in the WNTDMNLST and WNTLCLSVRL parameters must follow the naming conventions of Windows.

Parameters

Keyword      Description                   Choices                                             Notes
USRPRF       User profile                  Simple name, *CURRENT                               Optional, Key, Positional 1
PRFTYPE      Profile type                  *USER, *GROUP                                       Optional, Key, Positional 2
PMTCTL       Prompt control                *ALL, *WINDOWS, *WINDOWSNT                          Optional, Key, Positional 3
PRPGRPMBR    Propagate group members       *SAME, *NONE, *ALL, *MBRONLY                        Optional
DFTSVRTYPE   Default server type           *SAME, *WINDOWS, *NWSA, *WINDOWSNT                  Optional
WNTDMNLST    Windows server domain list    Single values: *SAME, *NWSA, *NONE                  Optional
                                           Other values (up to 64 repetitions): Element list
             Element 1: Domain             Character value
             Element 2: User template      Character value, *NONE
             Element 3: Group type         *GLOBAL, *LOCAL
WNTLCLSVRL   Windows local server list     Single values: *SAME, *NWSA, *NONE                  Optional
                                           Other values (up to 64 repetitions): Element list
             Element 1: Server             Character value
             Element 2: User template      Character value, *NONE

User profile (USRPRF)

Specifies the name of a user profile whose network server attributes are to be set.

The following IBM-supplied objects are not valid on this parameter:

QAUTPRF         QNFSANON       QYCMCIMOM
QCOLSRV         QRJE           QEJBSVR
QDBSHR          QSNADS         QSRVAGT
QDBSHRDO        QSPL           QANZAGENT
QDFTOWN         QSPLJOB        QIBMHELP
QDOC            QSYS
QDSNX           QTCP
QEJB            QTFTP
QFNC            QTSTRQS
QGATE           QCLUMGT
QLPAUTO         QTCM
QLPINSTALL      QIPP
QMSF            QPM400
QNETSPLF        QNTP
QYPSJSVR        QCLUSTER
                QMGTC

The following profile names are not valid on this parameter when enrolling to a Windows domain or server.

GUEST
GUESTS
REPLICATOR
USERS

*CURRENT
The user profile attributes for the current user profile are changed.
user-name
Specify the name of a user or group profile.

Profile type (PRFTYPE)

Specifies whether the user or group attributes for a profile are to be changed.

*USER
The user profile attributes are changed.
*GROUP
The group profile attributes are changed.

Prompt control (PMTCTL)

Specifies which network server attributes should be prompted for on the command.

*ALL
All parameters are prompted.
*WINDOWS or *WINDOWSNT
Only those parameters that apply to Windows domains and servers are prompted.

Note: *WINDOWS should be used in V5R4 and later releases. The *WINDOWSNT value is supported for compatibility with releases prior to V5R4.

Propagate group members (PRPGRPMBR)

Specifies how a group and its users are to be enrolled. There are two different ways that a group and its users can be enrolled.

  1. The group is enrolled in the network. All of the members of the group are also enrolled in the network and added to the newly created group.
  2. Only the members of the group are enrolled in the network. The group itself is not enrolled in the network.

*SAME
The PRPGRPMBR value does not change. If the PRPGRPMBR parameter has never been set, it is defaulted to *ALL.
*ALL
The group and all members of the group are enrolled. Any user profiles added to this group at a later time are also enrolled into the network.
*MBRONLY
Only the members of the group are enrolled. The group itself is not enrolled. Any user profiles added to this group at a later time are also enrolled into the network.

Default server type (DFTSVRTYPE)

Specifies the default server type for this user. This attribute is used primarily as a default for those commands that support multiple network types.

*SAME
The default server type does not change.
*NWSA
The default server type from the system network server attributes is used.
*WINDOWS or *WINDOWSNT
The default server type for the user is set to *WINDOWS.

Note: *WINDOWS should be used in V5R4 and later releases. The *WINDOWSNT value is supported for compatibility with releases prior to V5R4.

Windows server domain list (WNTDMNLST)

Specifies a list of Windows domains that will be used by the user enrollment support to determine into which Windows domains this user profile is enrolled.

Each entry in the list will contain a domain, a user account template name, and a group type. The user account template name is the name of a Windows user identity that is to be used when creating new Windows users.

Up to 64 entries can be specified for this parameter. An entry consists of a value from each of the following elements. A domain name must be entered for each entry and must be unique within the list.

If the WNTDMNLST parameter has never been set, it is defaulted to *NONE.

Single values

*SAME
The Windows domain list entries do not change.
*NWSA
When *NWSA is specified, the Windows domain list from the system network server attributes is used.
*NONE
When *NONE is specified, this profile will not be enrolled into any Windows domains.

Element 1: Domain

'domain-name'
Specify the name of the Windows domain where the user enrollment support will enroll this user profile.

Element 2: User template

Specifies the name of a Windows user that can be used as a template when creating new Windows users in the Windows domain.

Note: Changing this value will not affect Windows users that are already enrolled in the domain.

*NONE
No Windows user account template is used when creating a new user identity in the Windows domain.
'user-account-template-name'
Specifies the name of a Windows user account to be used when creating new Windows user identities in the domain.

Element 3: Group type

Specifies the type of group to be created in the Windows domain. This element is ignored when PRFTYPE(*USER) is specified.

*GLOBAL
A global group is created in the Windows domain.
*LOCAL
A local group is created in the Windows domain.

Windows local server list (WNTLCLSVRL)

Specifies a list of Windows local servers that will be used by the user enrollment support to determine into which Windows local server the user profile is enrolled. Only those server names associated with locally configured Integrated xSeries Servers can be specified in this list.

Each entry in the list will contain a server name and associated user account template name. The user account template name is the Windows user account to be used when creating new Windows user identities on the server.

Up to 64 entries can be specified for this parameter. An entry consists of a value from each of the following elements. A server name must be entered for each entry and must be unique within the list.

If the WNTLCLSVRL parameter has never been set, it is defaulted to *NONE.

Single values

*SAME
The value does not change.
*NWSA
When *NWSA is specified, the Windows local server list from the system network server attributes is used.
*NONE
When *NONE is specified, this profile will not be enrolled into any Windows local servers.

Element 1: Server

'server-name'
Specify the name of a Windows local server where the user enrollment support will enroll this user profile. This server must be a locally configured integrated Windows server.

Element 2: User template

Specifies the name of a Windows user that can be used as a template when creating new Windows users on the local server.

Note: Changing this value will not affect Windows users that are already enrolled on the server.

*NONE
No Windows user account template is used when creating a new user identity on the Windows local server.
'user-account-template-name'
Specifies the name of a Windows user account to be used when creating new Windows user identities on the local server.

Examples

Example 1: Enrolling a user into a Windows network

CHGNWSUSRA   USRPRF(BOB)  DFTSVRTYPE(*WINDOWS)
             WNTDMNLST((DMN01 USRTMP1) (DMN02 *NONE))
             WNTLCLSVRL((LCLSVR1 TMPL1) (LCLSRV2 *NONE))

The above command will change the network server user attributes for user profile BOB. BOB's default server type is set to *WINDOWS.

The i5/OS user enrollment support will enroll user BOB into domain DMN01 using user account template USRTMP1 and also into domain DMN02.

The i5/OS user enrollment support will also enroll user BOB into local server LCLSVR1 using user account template TMPL1 and also into local server LCLSRV2.
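
The following is an added example, not part of the IBM documentation: a Python pre-flight check that tests a planned enrollment against the rules stated on this page (invalid profile names, the 64-entry limit, unique domain and server names, group type) before CHGNWSUSRA is run. The function names, the case-insensitive name comparison and the sample values are assumptions made for the illustration.

```python
# Added example: pre-flight check of a planned CHGNWSUSRA enrollment against
# the rules stated on this page. All sample values below are constructed.
IBM_SUPPLIED = set("""
QAUTPRF QNFSANON QYCMCIMOM QCOLSRV QRJE QEJBSVR QDBSHR QSNADS QSRVAGT
QDBSHRDO QSPL QANZAGENT QDFTOWN QSPLJOB QIBMHELP QDOC QSYS QDSNX QTCP
QEJB QTFTP QFNC QTSTRQS QGATE QCLUMGT QLPAUTO QTCM QLPINSTALL QIPP QMSF
QPM400 QNETSPLF QNTP QYPSJSVR QCLUSTER QMGTC""".split())
WINDOWS_RESERVED = {"GUEST", "GUESTS", "REPLICATOR", "USERS"}
MAX_ENTRIES = 64  # limit for both WNTDMNLST and WNTLCLSVRL


def check_enrollment(usrprf, prftype, domains=(), servers=()):
    """Return a list of rule violations (empty list: plan is acceptable).

    domains: (domain, template, group_type) tuples for WNTDMNLST
    servers: (server, template) tuples for WNTLCLSVRL
    """
    problems = []
    name = usrprf.upper()
    if name in IBM_SUPPLIED:
        problems.append(f"USRPRF: {name} is an IBM-supplied profile")
    if (domains or servers) and name in WINDOWS_RESERVED:
        problems.append(f"USRPRF: {name} cannot be enrolled to Windows")
    for kwd, entries in (("WNTDMNLST", domains), ("WNTLCLSVRL", servers)):
        if len(entries) > MAX_ENTRIES:
            problems.append(f"{kwd}: more than {MAX_ENTRIES} entries")
        # Assumption: names are compared case-insensitively for uniqueness.
        seen = [e[0].upper() for e in entries]
        for dup in sorted({n for n in seen if seen.count(n) > 1}):
            problems.append(f"{kwd}: {dup} listed more than once")
    if prftype == "*GROUP":  # group type is ignored for PRFTYPE(*USER)
        for dom, _tmpl, gtype in domains:
            if gtype not in ("*GLOBAL", "*LOCAL"):
                problems.append(f"WNTDMNLST: {dom} group type {gtype}")
    return problems


def templates_in_use(domains=(), servers=()):
    """Windows template accounts the plan names; enrolled group members join
    the Windows groups defined by the template, so audit these accounts."""
    entries = list(domains) + list(servers)
    return sorted({e[1] for e in entries if e[1] != "*NONE"})


if __name__ == "__main__":
    plan = dict(domains=[("DMN01", "USRTMP1", "*GLOBAL"), ("dmn01", "*NONE", "*GLOBAL")],
                servers=[("LCLSVR1", "TMPL1")])
    print(check_enrollment("GUEST", "*GROUP", **plan))
    print(templates_in_use(**plan))
```
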

Error messages

*ESCAPE Messages

CPFA450
Network server user attributes for user profile &1 not changed. See previous messages.