Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-3045: Can Auto Zone co-exist with Zone Mode?

Authentication Service ,  

12 April,16 at 11:09 AM

Applies to: All versions of Centrify DirectControl
 
Question:
 
Can a domain have both Auto Zone mode systems and Zone Mode systems, such as those joined into Classical and/or Hierarchical Zones?

 
Answer:
 
Yes, as Auto Zone can be thought of as just another Centrify Zone - but one where the user's UNIX Profile is automatically generated from Active Directory, so there is no configuration needed in the DirectManage/DirectControl console. It is effectively a "Ghost Zone".
 
Note that although the two Zone modes can co-exist, a user logging into a computer that is joined in Auto Zone mode may have a different UID and GID than when they log into a Zone Mode system. If the user needs to have the same UID and GID for all systems, then the Zone Mode needs to be configured to generate their UIDs and GIDs from the Active Directory SID, as this is the method that Auto Zone uses.
 
If a system is being moved from Auto Zone to Zone Mode, or vice versa, and the "Autogenerate from SID" has not been used, then Account Migration will need to be used to map the user's new UID over their old UID as recognised by the local system.
 

Related Articles

 article[HOWTO] Setup the Zone Provisioning Agent articleKB-3038: How to add an AD user into a Centrify Zone. articleKB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out? articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-6050: How to configure a group for automatic Kerberos Credentials for infinite renewal? article[TIPS] A Centrify Server Suite Cheat Sheet articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? article[Basics] Centrify Zone schemas, UNIX identity data sourcing and provisioning - Part I