Applies to: All versions of Direct Access Manager.
Question:In Centrify Standard Suite 2014.1 (or earlier), when running the Access Manager setup wizard, Enterprise/Domain admin privileges is required.
What specific information is written to AD and where in the forest is it written?
Is there a work around such that Enterprise/Domain admin privilege is not required?
Answer:By default, Centrify does not require you to be an enterprise administrator or domain administrator of the forest root domain to install or configure
Centrify-specific properties.
However, some optional configuration tasks do require you to be an enterprise administrator or a domain administrator of the forest root domain.
These optional tasks involve:
1) Creating Display Specifiers for Centrify profiles to enable access to the Centrify Profile properties page in the Active Directory Users and Computers console.
- Registering the administrative notification handler to ensure data consistency if users delete Centrify objects using Active Directory Users and Computers.
- Creating parent containers manually for Centrify objects objects to enable maximum control over the placement of and rights associated with Centrify-related objects within Active Directory.
In most cases, if you want to perform any of these tasks, you must use an account that is an enterprise administrator or a domain administrator of the
forest root domain.
Please refer to pages 231 on why enterprise/domain admin privilege is required.
http://www.centrify.com/downloads/products/documentation/suite2014/centrify-unix-deployment-guide.pdf
Now if the above features are not required, strictly there is no need for Enterprise/Domain admin privileges however when you attempt to run setup as a
non-enterprise/Domain admin user, you will get this error as shown in the screenshot

Please see page 229 of below guide on how to setup permissions manually before re-running the setup wizard.
http://www.centrify.com/downloads/products/documentation/suite2014/centrify-unix-deployment-guide.pdf