Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-1858: Copy file GP will not copy file from server if client side file modified

Auditing and Monitoring Service ,   Authentication Service ,   Mac & PC Management Service ,  

12 April,16 at 11:02 AM

Applies to: All versions of Centrify DirectControl
The "Copy files" group policy can be used to automatically copy a set of one or more files from the domain controller to each UNIX machine that joins the domain. For example: the "copy file gp" can be used to copy the auto_master file to systems in the zone. It is observed that the copy file gp works fine but it is not overwriting the file if someone edits it locally. 
To be specific, if the /etc/auto_master file is modified and if an "adgpupdate -T Computer" command is issued, it does not update the file. However if "adsmb get" command is issued, it updates it. Any reason?
The adsmb command allows you to perform various file operations, such as get a file, write a file, or display the contents of a directory. You can use this command in conjunction with group policies to copy files and directories to and from Windows file shares. The valid file_operations are get, getnew, put, putnew, dir, delete, mkdir, and rmdir .
Now the copyfile GP uses "getnew option" of adsmb to reduce network traffic. It compares time stamp of server/client side file and if server side is newer, it gets server side file, otherwise do nothing. This is by design hence if the file is modified locally on the client side, the file does not get overwritten with the copy from the server.
1) Change the "GetNew" to "Get" in /usr/share/centrifydc/mappers/machine/ The only trade-off is that file will be copied on every GP update.
2) The easiest way is to change local file's timestamp to make it old. Use "Run Command" GP to run this:# touch -afm -t 200001010000 <filename>

3) On the Unix machine in question, use the "get" file operation command. 
#adsmb get -s sysvol -m -r -l /etc/auto_master
where sysvol refers to the SYSVOL in domain controller, -m means use local computer's credentials, -r means use remote file followed by the location of the file, -l means local.  This will ensure that the file from server will overwrite the one on local. This has to be scheduled as a cron.
This is fixed in Centrify DirectControl 5.0.x