
KB-2453: AD user unable to login after assigning the role to an AD distribution group

Authentication Service

12 April,16 at 11:09 AM

Applies to: All versions of Centrify DirectControl on all platforms.


After assigning a role to an AD Distribution group and adding AD users to the group:

Running dzinfo [AD user] on the UNIX side shows that the role is in place, but the AD users cannot log in.

Running dzinfo [AD user] again then shows that the role is now missing:

[root@rhel ~]# dzinfo test1
User: test1
Forced into restricted environment: No

  Role Name        Avail Restricted Env
  ---------------  ----- --------------
  (test1 has no roles assigned)

  PAM Application  Avail Source Roles
  ---------------  ----- --------------------

Privileged commands:
  Name             Avail Command               Source Roles
  ---------------  ----- --------------------  --------------------
  (test1 has no privileged command rights)

Running adflush -a as root (which flushes the authorization cache) brings the role assignment back, but the assignment goes missing again after the AD user logs in.


AD Distribution groups are not supported except via the ZPA.



In ADUC or the CDC console, please change the group back to Security Group and it should function properly.
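
To find which groups need that change, the check below classifies groups from an LDIF export by the security-enabled bit (0x80000000) of the AD groupType attribute. It is an added example, not Centrify code; the sample export, group names and DNs are constructed, and the parser assumes plain single-valued attributes without base64 or folded lines.

```python
# Added example: classify AD groups from an LDIF export by their groupType bits.
GROUP_TYPE_SECURITY_ENABLED = 0x80000000
SCOPES = {0x2: "Global", 0x4: "DomainLocal", 0x8: "Universal"}

# Constructed sample export (group names and DNs are made up).
SAMPLE_LDIF = """\
dn: CN=unix-admins,OU=Groups,DC=example,DC=com
sAMAccountName: unix-admins
groupType: -2147483646

dn: CN=unix-ops-dl,OU=Groups,DC=example,DC=com
sAMAccountName: unix-ops-dl
groupType: 8

dn: CN=dba-mail,OU=Groups,DC=example,DC=com
sAMAccountName: dba-mail
groupType: 2
"""

def parse_groups(ldif_text):
    """Yield one {attribute: value} dict per LDIF entry that has a groupType."""
    for block in ldif_text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip comments and anything that is not "attr: value"
            key, value = line.split(": ", 1)
            entry[key] = value.strip()
        if "groupType" in entry:
            yield entry

def classify(group_type):
    """Return (category, scope); LDAP reports groupType as a signed 32-bit integer."""
    bits = int(group_type) & 0xFFFFFFFF
    category = "Security" if bits & GROUP_TYPE_SECURITY_ENABLED else "Distribution"
    scope = next((name for flag, name in SCOPES.items() if bits & flag), "Unknown")
    return category, scope

def distribution_groups(ldif_text):
    """Names of groups that are not security-enabled, i.e. the ones to convert."""
    return [e.get("sAMAccountName", e.get("dn"))
            for e in parse_groups(ldif_text)
            if classify(e["groupType"])[0] == "Distribution"]

if __name__ == "__main__":
    for e in parse_groups(SAMPLE_LDIF):
        print(e["sAMAccountName"], *classify(e["groupType"]))
```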