Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4838: Why is Enterprise/Domain admin privileges required when running the setup wizard for Access Manager?.

Centrify DirectControl ,  

12 April,16 at 10:22 AM

Applies to: All versions of Direct Access Manager.



Question:

In Centrify Standard Suite 2014.1 (or earlier), when running the Access Manager setup wizard, Enterprise/Domain admin privileges is required. 

What specific information is written to AD and where in the forest is it written? 

Is there a work around such that Enterprise/Domain admin privilege is not required? 



Answer:

By default, Centrify does not require you to be an enterprise administrator or domain administrator of the forest root domain to install or configure
Centrify-specific properties. 

However, some optional configuration tasks do require you to be an enterprise administrator or a domain administrator of the forest root domain. 

These optional tasks involve:

1)  Creating Display Specifiers for Centrify profiles to enable access to the Centrify Profile properties page in the Active Directory Users and Computers console.

- Registering the administrative notification handler to ensure data consistency if users delete Centrify objects using Active Directory Users and Computers.

- Creating parent containers manually for Centrify objects objects to enable maximum control over the placement of and rights associated with Centrify-related objects within Active Directory.

In most cases, if you want to perform any of these tasks, you must use an account that is an  enterprise administrator or a domain administrator of the
forest root domain.

Please refer to pages 231 on why enterprise/domain admin privilege is required.

http://www.centrify.com/downloads/products/documentation/suite2014/centrify-unix-deployment-guide.pdf

Now if the above features are not required, strictly there is no need for Enterprise/Domain admin privileges however when you attempt to run setup as a
non-enterprise/Domain admin user, you will get this error as shown in the screenshot

Failed to add license and Failed to set permission

Please see page 229 of below guide on how to setup permissions manually before re-running the setup wizard.

http://www.centrify.com/downloads/products/documentation/suite2014/centrify-unix-deployment-guide.pdf

 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-6011: Installing and using the Centrify Deployment Report articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6041: How to show current license type in use by adclient? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6050: How to configure a group for automatic Kerberos Credentials for infinite renewal? articleKB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-7697: "Failed to modify display specifier. Access is denied" is encountered in Cloud Connector Configuration Wizard