Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-11086: What does 'userWorkstations' mean in adquery user -A output?

Authentication Service ,  

21 September,18 at 09:47 PM

Question: When running the adquery user -A <username> command, there is a line that says "userWorkstations" What does this line refer to?

Answer: When you run this command, you may see this line as part of the output:

[root@centos7 ~]# adquery user -A tetsu


What this means is that the user has only been allowed to login to this machine, set using the Active Directory User and Computers console.

When you open the user object, go to the account tab, you will see a "Log On To.." button. This is where the machine is specified:

User-added image

When you click this option, you will see the machines the user is only allowed to login to:

User-added image

If you find that a user cannot login to a machine and getting an 'Account cannot be accessed at this time..' message, check to see if this line is present in the adquery user -A output. If you see a machine listed here, it means the user can only login to this machine and will affect Centrify-enabled machines as well. You can add or remove machines that you want to have the user login to using this tab in Active Directory. Once you edit the user account properties, make sure to run adflush -f to make the changes take effect on the linux machine.