Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2977: How to use the Centrify Mac Diagnostic Tool

Centrify Identity Service, Mac Edition ,  

17 June,16 at 05:26 PM

Applies to: Centrify Identity Service: Mac Edition



Question:

Does Centrify provide a diagnostic tool for Mac that can be sued to view agent status and group policy that has been delivered to the client computer? Where would such a tool be located or available for download?


Answer:

Yes, Centrify is proud to provide a simple but easy to use tool for administrators that can be used for many administrative tasks to confirm potential issues prior to contacting Centirfy support.

The tool can perform the following functions:
  • Centrify agent information details
  • Active Directory and network details
  • Delivered Group Policy view and update
  • User UID and home location
  • Collection of debug logs

As of Centrify Suite 2015, the Mac Diagnostic Tool is now included as part of the Centrify for Mac agent install and can be located at the following location:
  • /Library/Application Support/Centrify/MacDiagnosticTool.app
Note: For Mac systems still on earlier versions of the Centrify agent, a separate download can be found below (Be aware that this separate download is an earlier build of the Diagnostic Tool and only supports 10.8 or lower)


The following screenshots are a description of what each button does.
 
User-added image

[ AD Info ]
Displays general account configuration information of the Centrify DirectControl agent such as local hostname, current domain controller, connection status, etc.

Equivalent Terminal command: adinfo


[ Network Info ]
Displays information about the network interfaces on the Mac and their configured parameters.

Equivalent Terminal command: ifconfig


 
User-added image

[ GP Update ]
Forces a refresh of the group policies on the Mac. 

Equivalent command: adgpupdate


[ User Policy ]
Displays the downloaded user policies for the current logged in user (Pressing this button for local accounts will return no result).
This information can be found in the file:

/var/centrifydc/reg/users/ [username] /gp.report


[ Machine Policy ]
Displays the downloaded machine policies for computer.
This information can be found in the file:

/var/centrifydc/reg/machine/gp.report


 
User-added image

[ Query ]
Displays information about a user or group in AD. 
Depending on whether [ AD User ] or [ AD Group ] is selected from the dropdown, then the output of one of the following commands will be shown (respectively):

adquery user -A
adquery group -A


If a username or groupname is entered into the textbox, then the above adqueries will be performed on just that username or groupname:

adquery user -A username
adquery group -A groupname


[ Save ]
Save the results of the adquery to the Desktop


[ /Users/ ]
Lists the contents of the /Users/ directory with their owner UIDs. This is useful to determine whether the UID of the local home folder matches the UID of the AD account that it will be mounted to.

Equivalent command: ls -ln /Users/


[ passwd.ovr ]
Determines whether a /etc/centrifydc/passwd.ovr file is present on the system. 
i.e. Whether Account Migration has been performed on the system.


 
User-added image

[ Save Basic System & Centrify Info to Desktop ]
Runs and compiles diagnostic information on the Mac system for a basic overview of the machine and how it has been configured on the network.

Equivalent command: adinfo -t


[ Flush AD Cache ]
Flushes the AD cache on the Mac. Do not push this button if the Mac has no access to the domain as any cached users will lose the ability to login offline.

Equivalent command: adflush


[ 0. Clear Debug Log Files ]
[ 1. Enable / Disable Debugger ]
[ 2. Save Debug Log Files to Desktop ]
Used for toggling the Centrify debugging mode.

Equivalent commands:

[0 ] /usr/local/share/centrifydc/bin/addebug clear 
[1a] /usr/local/share/centrifydc/bin/cdcdebug on 
[1b] /usr/local/share/centrifydc/bin/cdcdebug off 
[2 ] /usr/local/share/centrifydc/bin/cdcdebug -f pack username





User-added image
 
Direct links to Centrify Support online.
Attachments:

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.