KB-5919: How to configure the Centrify cloud connector to manage Active Directory user delete activities

16 May,19 at 12:25 PM

Applies to: Centrify Privileged Access Service

This article outlines the steps for using the Centrify Cloud Connector Configuration Wizard to delegate permissions
to the cloud connector for management of Active Directory user delete activities.

Active Directory stores a small portion of deleted object details for a specified period of time so that other replicating
domain controllers will become aware of the deletion. The Centrify cloud connector requires additional permissions
in order to read deleted object information within Active Directory. The Local System account used to start the cloud
connector service does not have access to read deleted object information by default.

Note: A Domain Admin account or account with similar permissions is generally
required to delegate rights to read deleted object information.

There are two methods to access the Centrify Cloud Connector Configuration Wizard:

(A) Install the cloud connector on a Windows host for the very first time and configure permissions:
  1. Download the cloud connector
  2. Extract the package contents and launch Autorun.exe
  3. After installation is complete, the Cloud Connector Configuration Wizard will open automatically

(B) If the cloud connector is already installed, re-register the service to configure permissions:
  1. Launch the Cloud Connector Configuration utility on the host where the service is installed (C:\Program Files\Centrify\Cloud Management Suite\ProxyUI.exe)
  2. Select the Cloud Connector tab at the top of the utility
  3. Select the Re-register button to launch the Cloud Connector Configuration Wizard

Running the installation wizard

Repeat the following configuration wizard steps for each installed connector instance.

1. Launch the wizard and click Next.

2. Enter the user name and password for an account that is a member of the Centrify Cloud Manager sysadmin role
or one with the Register cloud connectors administrative rights and click Next.

3. Place a check in the box next to the desired domain where the cloud connector permissions should apply. Click Next.

Note: If credentials need to be specified that differ from the currently logged in account, select and highlight
the domain to enable the Edit button and enter alternate account details. Click OK to continue.

4. The wizard proceeds to register the cloud connector in your identity platform account, initialize the settings, and
start the service.

Note: If the cloud connector service was previously started and running, the wizard will restart the service as part
of the configuration process.

5. Installation and registration of the cloud connector service should now be complete. Click Finish to close the wizard.
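
To confirm what the wizard delegated, the following check lists the access control entries on the Deleted Objects container that name the connector host and shows which deleted user objects exist to be read. It is an added example, not part of the Centrify article or product. It assumes the RSAT ActiveDirectory module, a Domain Admin session, and that the Local System service appears in Active Directory as the host's computer account; `$ConnectorHost` is a hypothetical parameter name.

```powershell
# Added example: audit the delegation on the Deleted Objects container.
# Run as a Domain Admin (or equivalent) on a host with the ActiveDirectory module.
param(
    [Parameter(Mandatory)]
    [string] $ConnectorHost   # hypothetical parameter: NetBIOS name of the connector host
)

Import-Module ActiveDirectory

$domain    = Get-ADDomain
$container = $domain.DeletedObjectsContainer    # e.g. CN=Deleted Objects,DC=...

# ASSUMPTION: a service running as Local System authenticates to the domain
# as the computer account, DOMAIN\HOSTNAME$.
$principal = '{0}\{1}$' -f $domain.NetBIOSName, $ConnectorHost

# 1. Read the container ACL with dsacls and keep the entries naming the connector.
$acl = & dsacls.exe $container 2>&1
if ($LASTEXITCODE -ne 0) {
    throw "dsacls could not read the ACL on '$container': $($acl -join ' ')"
}

$aces = $acl | Select-String -SimpleMatch $principal -Context 0, 3
if ($aces) {
    Write-Output "Entries for $principal on ${container}:"
    $aces | ForEach-Object { $_.ToString() }
} else {
    # No direct entry does not prove the absence of access: the right may have
    # been granted through a group the computer account belongs to.
    Write-Warning "No direct ACE for $principal on $container."
}

# 2. Baseline: deleted user objects visible to the current (admin) credentials.
#    The connector should be able to read the same objects once delegated.
$deletedUsers = Get-ADObject -IncludeDeletedObjects -SearchBase $container `
    -LDAPFilter '(&(isDeleted=TRUE)(objectClass=user)(!(objectClass=computer)))' `
    -Properties whenChanged, lastKnownParent

Write-Output ("Deleted user objects currently retained: {0}" -f @($deletedUsers).Count)
$deletedUsers |
    Sort-Object whenChanged -Descending |
    Select-Object -First 10 Name, whenChanged, lastKnownParent |
    Format-Table -AutoSize
```

Review the listed entries against least privilege: the connector account needs read access to deleted object information, not write or ownership rights on the container.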

For additional information on viewing deleted object information within Active Directory, please refer to the
following Microsoft Support link. This link is provided only as a convenience for Centrify customers.