Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-6021: Adedit computer precreate no longer working

Centrify DirectControl ,  

12 April,16 at 10:57 AM

Problem:

After upgrading to DirectControl Suite 2015, prereate computer object is no longer functioning as expected. A message similar to the following may be observed:


Error: Could not pre-create computer account rh1 in centrify.vms in zone CN=Engineering,CN=Global,CN=Zones,OU=centrifyse,DC=centrify,DC=vms due to the following error: No binding for GC in forest CENTRIFY.VMS
Success: Adding of machine: rh1 to AD group: Linux_Assets@centrify.vms



Cause:

Centrify introduced a fix in Suite 2015 in the code for this procedure. This fix implements an explicit requirement for GC binding in many adedit operations. This is a safeguard against non-unique SCP creation within the forest.

Workaround:

Adding a GC binding within the adedit script will alleviate this issue and allow the precreation to go through successfully. To address concerns that this fix brought about with scripts already placed into production, Centrify has also introduced a workaround in Suite 2015.1 (5.2.3) which will allow you to bypass the GC binding requirement by adding an additional argument: -nogc

For details on this, please refer to the 'precreate_computer' entry within the 2015.1 adedit guide (page 352~354)

"You should note that performing these tasks requires access to the global catalog by default. You can intentionally skip the global catalog search if you know the service connection point you are creating is unique in the forest. However, skipping the global catalog search might prevent you from joining the computer to the domain if there is a conflict."

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.