Question: When running the adquery user -A <username> command, there is a line that says "userWorkstations" What does this line refer to?

Answer: When you run this command, you may see this line as part of the output:

[root@centos7 ~]# adquery user -A tetsu

userWorkstations:centos7






What this means is that the user has only been allowed to login to this machine, set using the Active Directory User and Computers console.

When you open the user object, go to the account tab, you will see a "Log On To.." button. This is where the machine is specified:







When you click this option, you will see the machines the user is only allowed to login to:







If you find that a user cannot login to a machine and getting an 'Account cannot be accessed at this time..' message, check to see if this line is present in the adquery user -A output. If you see a machine listed here, it means the user can only login to this machine and will affect Centrify-enabled machines as well. You can add or remove machines that you want to have the user login to using this tab in Active Directory. Once you edit the user account properties, make sure to run adflush -f to make the changes take effect on the linux machine.