Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-3445: How to remove/revoke a user from Zone Delegation

Authentication Service ,  

28 August,18 at 08:35 PM

Question:
 
How can access to a Zone be removed/revoked after the user was previously delegated control to a Zone via Centrify DirectControl console? 
 
Answer:
 
Currently Centrify DirectControl / DirectManage Access Manager does not have the feature to remove a user from Zone delegation. 
 
Microsoft ADUC (Active Directory Users and Computers) or ADSIedit (adsiedit.msc) can be used instead:
 
Microsoft ADSIedit is included with Windows Server can be used to view or modify security properties for Zone ownership.
  1. Launch ADUC
     
  2. Expand to the Zone container 
     
  3. Right-click the desired Zone and select "Properties"
     
  4. In the Zone properties window, select the Security tab > Advanced
     
  5. In the Advanced Security Settings window, select the Owner tab
     
  6. This will display the current Zone owner and can also be used to modify Zone ownership