Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4624: Computer Objects are not created in Active Directory for mobile devices after enrollment

Centrify Identity Service, App Edition ,  

12 April,16 at 11:47 AM

Applies To: Centrify Identity Service


Question:

Our Company has recently started using Centrify Identity Service and we're now starting to enroll our mobile
devices including Android, iOS and Mac OS X systems. After enrollment completes, we are able to view the
device details in the Cloud Manager and User portal but the object never appears in Active Directory Users
and Computers (ADUC) as a computer object in the container specified in the Cloud Manager policy

Is this expected behavior after installing the Centrify Cloud Connector or do we need to configure additional options?


Answer:

There are 2 requirements that must be met before the cloud connector can create an Active Directory computer
object to associate mobile devices enrolled with the Centrify Identity Service:

1. Centrify must be enabled for Mobile Device Management. Administrators can determine if Centrify will provide
MDM+SSO functionality or SSO-only services to users via settings in the Cloud Manager (Settings >
Mobile Device Management > enable the "Use the cloud service for mobile device management" option)

2. The user account used for device enrollment must be an Active Directory user. If a Centrify Directory User
(cloud) account is used for enrollment, the device will display in the Cloud Manager and User portals but will
not create a matching object in ADUC. This is intended by design as the cloud user is not a member of
Active Directory - the object cannot be associated with the user account.


Note: If a Centrify Directory Service account is created that matches the username of an Active Directory user,
the cloud service will authenticate the user during enrollment as a cloud user and not an Active Directory user.
When this occurs, no computer object will be created in ADUC and is expected behavior.

Centrify Support recommends unique account usernames. Matching cloud user account names to Active Directory
user accounts should not be used and is not a supportable configuration.
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.