Applies to: Centrify Privileged Access Service


This article outlines the steps for using the Centrify Cloud Connector Configuration Wizard to delegate permissions
to the cloud connector for management of Active Directory user delete activities.

Active Directory stores a small portion of deleted object details for a specified period of time so that other replicating
domain controllers will become aware of the deletion. The Centrify cloud connector requires additional permissions
in order to read deleted object information within Active Directory. The Local System account used to start the cloud
connector service does not have access to read deleted object information by default.

Note: A Domain Admin account or account with similar permissions is generally
required to delegate rights to read deleted object information.


There are two methods to access the Centrify Cloud Connector Configuration Wizard:

(A) Install the cloud connector on a Windows host for the very first time and configure permissions:

1. Download the cloud connector
2. Extract the package contents and launch Autorun.exe
3. After installation is complete, the Cloud Connector Configuration Wizard will open automatically

(B) If the cloud connector is already installed, re-register the service to configure permissions:

1. Launch the Cloud Connector Configuration utility on the host where the service is installed (C:\Program Files\Centrify\Cloud Management Suite\ProxyUI.exe)
2. Select the Cloud Connector tab at the top of the utility
3. Select the Re-register button to launch the Cloud Connector Configuration Wizard

      



Running the installation wizard

Repeat the following configuration wizard steps for each installed connector instance.

1. Launch the wizard and Click Next.

      


2. Enter the user name and password for an account that is a member of the Centrify Cloud Manager sysadmin role
or one with the Register cloud connectors administrative rights and click Next.

      


3. Place a check in the box next to the desired domain where the cloud connector permissions should apply. Click Next.

      

Note: If credentials need to be specified that differ from the currently logged in account, select and highlight
the domain to enable the Edit button and enter alternate account details. Click OK to continue.

      


4. The wizard proceeds to register the cloud connector in your identity platform account, initialize the settings, and
start the service.

Note: If the cloud connector service was previously started and running, the wizard will restart the service as part
of the configuration process.

      


5. Installation and registration or the cloud connector service should now be complete. Click Finish to close the wizard.
      
      




For additional information on viewing deleted object information within Active Directory, please refer to the
following Microsoft Support link. This link is provided only as a convenience for Centrify customers.

• https://support.microsoft.com/en-us/kb/258310