Applies to: Centrify DirectControl 5.2.3+ on all OS platforms
Question: How do I restrict adclient so that it connects only to DCs / GCs in a specific list of sites?
Answer: Starting with DirectControl 5.2.3, a Centrify administrator can specify a list of sites, and optionally a domain, to search for domain controllers and the global catalog if they are not found in the preferred site.
Example usage:
1. Edit CentrifyDC.conf.
2. Set the parameter:
   adclient.lookup.sites: site1 [site2] [site3]...
   Note: You can use any legal Active Directory site name when you set this parameter. For example:
   adclient.lookup.sites: USTEXAS USCALIFORNIA
3. Restart adclient for the change to take effect.
The administrator can specify the preferred site in the adclient.preferred.site configuration parameter, and the preferred site is displayed when you execute the adinfo command. The format for the adclient.lookup.sites parameter is:
adclient.lookup.sites: site1 [site2] [site3]...
The agent performs the following steps whenever it attempts to connect to a DC or GC:
1. Discover the preferred site.
2. From DNS, get a list of DCs or GCs in the preferred site and attempt to connect to each one until a connection is successful or the list is exhausted.
3. If unable to connect to a DC or GC in the preferred site, try to connect to a DC or GC in any site.
By using this configuration parameter, you can restrict step 3 to a specific set of alternate sites to search for DCs or GCs. Run Active Directory Sites and Services to see a list of sites for your environment. Sites are searched in the list order that you specify.
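The following script is an added example, not part of the original article or of Centrify's tooling. It reads adclient.preferred.site and adclient.lookup.sites from a configuration file and prints, in search order, the site-specific DC SRV record name for each site, so you can confirm that every listed site actually publishes DCs before restarting adclient. It assumes the agent relies on the standard Active Directory site SRV records; the function names, the sample file and the domain example.test are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the site-restricted DC lookup order from a CentrifyDC.conf-style file.

# Print the value of a "name: value" parameter, skipping comment lines (last match wins).
conf_value() {  # $1 = parameter name, $2 = config file
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key ":") == 1) {
                val = substr(line, length(key) + 2)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
            }
        }
        END { print val }' "$2"
}

# Sites in search order: preferred site first (if set in the file), then the
# adclient.lookup.sites entries in the order given, duplicates removed.
site_search_order() {  # $1 = config file
    seen=" "
    for s in $(conf_value adclient.preferred.site "$1") $(conf_value adclient.lookup.sites "$1"); do
        case "$seen" in *" $s "*) continue ;; esac
        seen="$seen$s "
        printf '%s\n' "$s"
    done
}

# Standard AD site-specific SRV name for domain controllers, one per site.
dc_srv_names() {  # $1 = config file, $2 = AD DNS domain
    site_search_order "$1" | while read -r site; do
        printf '_ldap._tcp.%s._sites.dc._msdcs.%s\n' "$site" "$2"
    done
}

# Constructed sample input so the script runs offline.
demo() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
# constructed sample, not a real CentrifyDC.conf
adclient.preferred.site: USTEXAS
adclient.lookup.sites: USTEXAS USCALIFORNIA
EOF
    dc_srv_names "$conf" example.test
    rm -f "$conf"
}

if [ "$#" -eq 2 ]; then dc_srv_names "$1" "$2"; else demo; fi
```

On a joined host, pass the configuration file and the AD DNS domain as arguments and query each printed name with `dig +short SRV`; an empty answer for a listed site means there is no DC for the agent to fall back to in that site.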