Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-3445: How to remove/revoke a user from Zone Delegation

Authentication Service ,  

28 August,18 at 08:35 PM

How can access to a Zone be removed/revoked after the user was previously delegated control to a Zone via Centrify DirectControl console? 
Currently Centrify DirectControl / DirectManage Access Manager does not have the feature to remove a user from Zone delegation. 
Microsoft ADUC (Active Directory Users and Computers) or ADSIedit (adsiedit.msc) can be used instead:
Microsoft ADSIedit is included with Windows Server can be used to view or modify security properties for Zone ownership.
  1. Launch ADUC
  2. Expand to the Zone container 
  3. Right-click the desired Zone and select "Properties"
  4. In the Zone properties window, select the Security tab > Advanced
  5. In the Advanced Security Settings window, select the Owner tab
  6. This will display the current Zone owner and can also be used to modify Zone ownership