Question:
How can access to a Zone be removed/revoked after the user was previously delegated control of the Zone via the Centrify DirectControl console?
Answer:
Currently, Centrify DirectControl / DirectManage Access Manager does not have a feature to remove a user from Zone delegation.
Microsoft ADUC (Active Directory Users and Computers) or ADSIedit (adsiedit.msc) can be used instead:
Microsoft ADSIedit is included with Windows Server and can be used to view or modify security properties for Zone ownership.
- Launch ADUC
- Expand to the Zone container
- Right-click the desired Zone and select "Properties"
- In the Zone properties window, select the Security tab > Advanced
- In the Advanced Security Settings window, select the Owner tab
- This will display the current Zone owner and can also be used to modify Zone ownership
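
A scripted equivalent of the Security > Advanced review above, added here as an example (it is not Centrify tooling and not part of the original article): it reports the Zone object's owner and the explicit ACEs held by one account, and can remove those ACEs. The Zone DN and account name are placeholders, the function names are hypothetical, and the script assumes the RSAT ActiveDirectory module; it inspects only the Zone object itself, not its child objects.

```powershell
# Added example: audit (and optionally revoke) one account's explicit ACEs on a Zone object.
# Requires the RSAT ActiveDirectory module, which provides the AD: drive.
Import-Module ActiveDirectory

# Placeholders (assumptions, not values from the article)
$ZoneDN    = 'CN=<ZoneName>,CN=Zones,OU=<CentrifyOU>,DC=example,DC=com'
$Principal = 'EXAMPLE\<delegatedUser>'

# Hypothetical helper: explicit (non-inherited) ACEs for one identity in an ACL.
function Select-ExplicitAce {
    param($Acl, [string]$Identity)
    @($Acl.Access | Where-Object {
        -not $_.IsInherited -and $_.IdentityReference.Value -eq $Identity
    })
}

# Read-only report: same information as the Owner tab plus the account's ACEs.
function Get-ZoneDelegation {
    param([string]$DistinguishedName, [string]$Identity)
    $acl = Get-Acl -Path "AD:\$DistinguishedName"
    [pscustomobject]@{
        Zone         = $DistinguishedName
        Owner        = $acl.Owner
        ExplicitAces = Select-ExplicitAce -Acl $acl -Identity $Identity
    }
}

# Revocation: removes exactly the ACEs reported above. Supports -WhatIf / -Confirm.
function Remove-ZoneDelegation {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([string]$DistinguishedName, [string]$Identity)
    $path = "AD:\$DistinguishedName"
    $acl  = Get-Acl -Path $path
    $aces = Select-ExplicitAce -Acl $acl -Identity $Identity
    if ($aces.Count -eq 0) { Write-Verbose "No explicit ACEs for $Identity"; return }
    foreach ($ace in $aces) { $acl.RemoveAccessRuleSpecific($ace) }
    if ($PSCmdlet.ShouldProcess($DistinguishedName, "Remove $($aces.Count) ACE(s) for $Identity")) {
        Set-Acl -Path $path -AclObject $acl
    }
}

# Review first, then preview the change without writing anything.
$report = Get-ZoneDelegation -DistinguishedName $ZoneDN -Identity $Principal
$report.Owner
$report.ExplicitAces | Format-Table ActiveDirectoryRights, AccessControlType, ObjectType, InheritanceType
Remove-ZoneDelegation -DistinguishedName $ZoneDN -Identity $Principal -WhatIf
```

Run `Get-ZoneDelegation` again after the change to confirm that the owner is as expected and that `ExplicitAces` is empty.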