Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-11086: What does 'userWorkstations' mean in adquery user -A output?

Authentication Service ,  

21 September,18 at 09:47 PM

Question: When running the adquery user -A <username> command, there is a line that says "userWorkstations" What does this line refer to?

Answer: When you run this command, you may see this line as part of the output:

[root@centos7 ~]# adquery user -A tetsu

userWorkstations:centos7






What this means is that the user has only been allowed to login to this machine, set using the Active Directory User and Computers console.

When you open the user object, go to the account tab, you will see a "Log On To.." button. This is where the machine is specified:

User-added image





When you click this option, you will see the machines the user is only allowed to login to:


User-added image




If you find that a user cannot login to a machine and getting an 'Account cannot be accessed at this time..' message, check to see if this line is present in the adquery user -A output. If you see a machine listed here, it means the user can only login to this machine and will affect Centrify-enabled machines as well. You can add or remove machines that you want to have the user login to using this tab in Active Directory. Once you edit the user account properties, make sure to run adflush -f to make the changes take effect on the linux machine.

 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-3925: How to add Centrify parameter to a group policy articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-3029: Running adquery shows the user's shell as '/sbin/nologin' and user can't login articleKB-3038: How to add an AD user into a Centrify Zone.