All versions of Direct Access Manager.Question:
In Centrify Standard Suite 2014.1 (or earlier), when running the Access Manager setup wizard, Enterprise/Domain admin privileges is required.
What specific information is written to AD and where in the forest is it written?
Is there a work around such that Enterprise/Domain admin privilege is not required? Answer:
By default, Centrify does not require you to be an enterprise administrator or domain administrator of the forest root domain to install or configure
However, some optional configuration tasks do require you to be an enterprise administrator or a domain administrator of the forest root domain.
These optional tasks involve:
1) Creating Display Specifiers for Centrify profiles to enable access to the Centrify Profile properties page in the Active Directory Users and Computers console.
- Registering the administrative notification handler to ensure data consistency if users delete Centrify objects using Active Directory Users and Computers.
- Creating parent containers manually for Centrify objects objects to enable maximum control over the placement of and rights associated with Centrify-related objects within Active Directory.
In most cases, if you want to perform any of these tasks, you must use an account that is an enterprise administrator or a domain administrator of the
forest root domain.
Please refer to pages 231 on why enterprise/domain admin privilege is required.
Now if the above features are not required, strictly there is no need for Enterprise/Domain admin privileges however when you attempt to run setup as a
non-enterprise/Domain admin user, you will get this error as shown in the screenshot
Please see page 229 of below guide on how to setup permissions manually before re-running the setup wizard.