Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4838: Why is Enterprise/Domain admin privileges required when running the setup wizard for Access Manager?.

Authentication Service ,  

12 April,16 at 10:22 AM

Applies to: All versions of Direct Access Manager.



Question:

In Centrify Standard Suite 2014.1 (or earlier), when running the Access Manager setup wizard, Enterprise/Domain admin privileges is required. 

What specific information is written to AD and where in the forest is it written? 

Is there a work around such that Enterprise/Domain admin privilege is not required? 



Answer:

By default, Centrify does not require you to be an enterprise administrator or domain administrator of the forest root domain to install or configure
Centrify-specific properties. 

However, some optional configuration tasks do require you to be an enterprise administrator or a domain administrator of the forest root domain. 

These optional tasks involve:

1)  Creating Display Specifiers for Centrify profiles to enable access to the Centrify Profile properties page in the Active Directory Users and Computers console.

- Registering the administrative notification handler to ensure data consistency if users delete Centrify objects using Active Directory Users and Computers.

- Creating parent containers manually for Centrify objects objects to enable maximum control over the placement of and rights associated with Centrify-related objects within Active Directory.

In most cases, if you want to perform any of these tasks, you must use an account that is an  enterprise administrator or a domain administrator of the
forest root domain.

Please refer to pages 231 on why enterprise/domain admin privilege is required.

http://www.centrify.com/downloads/products/documentation/suite2014/centrify-unix-deployment-guide.pdf

Now if the above features are not required, strictly there is no need for Enterprise/Domain admin privileges however when you attempt to run setup as a
non-enterprise/Domain admin user, you will get this error as shown in the screenshot

Failed to add license and Failed to set permission

Please see page 229 of below guide on how to setup permissions manually before re-running the setup wizard.

http://www.centrify.com/downloads/products/documentation/suite2014/centrify-unix-deployment-guide.pdf

 

Related Articles

 articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS article[How To] Setup Centrify PIM for Google Compute Engine Linux VM Instances articleIdentity and Access Management for Cloudera articleKB-3390: DirectAudit SQL database setup rights and needed groups for installation. article[Labs] Securing Windows Servers with Centrify Infrastructure Service - Local Password Management articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleA Playbook to secure your Amazon AWS Infrastructure using Centrify and Active Directory - Part 3 article[10 Tips] I Inherited a Centrify Server Suite Deployment - What's next? article[HOW TO]Install and setup the Centrify Licensing Service