The need may arise for allow a technician who is not an administrator to join a linux machine to a zone. This can be accomplished in a few simple steps and does not require the computer object to be precreated. However, the user who is performing these steps must have Domain Administrator permissions in Active Directory and must also be the owner of the zone that is being modified.




1) Open Centrify Access Manager, right-click the zone you would want to manage, then choose 'Properties'

2) Choose the General tab, then click 'Permissions'






3) Check the groups listed at the top of this window and see if any of them have 'Read' checked.





4) Add your technicians to this group (you can use an existing group or create your own, but make sure it has 'Read' permissions over the zone)

5) Next time a technician joins a machine that hasn't been precreated, have them run the join and specify the "-u" option and have them enter their AD username and password.

The syntax of the adjoin command would look something like this:
# adjoin <domain name> -z <zone name> -u <username>