Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-6057: How to automatically maintain user.ignore and group.ignore file for adclient?

Authentication Service ,  

3 May,19 at 06:12 PM

Applied to:
Centrify DirectControl 5.2.3+ on all *NIX OS platforms
 
Question:
How to automatically maintain user.ignore and group.ignore file for adclient?
 
Answer:
Starting in Centrify DirectControl 5.2.3 [Centrify Server 2015.1 release] Centrify introduced a new utility, adsyncignore.  This utility will find the local non-zone users and local non-zone groups and add them to the /etc/user.ignore and /etc/group.ignore files accordingly.

Example usage

This new script takes one option, --target, with two possible values, ‘user’ or ‘group’. adsyncignore will process local repository /etc/passwd and /etc/group, backup the current user.ignore / group.ignore file before updating these files respectively.  As part of the processing, adsyncignore will check if the same named user/group profile exist in Active Directory, and skip putting it in the ignore file if exists.  Thus, only putting the non-zone local user/group into the ignore files.


/usr/share/centrifydc/adedit/adsyncignore

To have all local non-zone users on the machine get added to the /etc/centrifydc/user.ignore file, please run:

   
 /usr/share/centrifydc/adedit/adsyncignore --target user

To have all local non-zone groups on the machine get added to the /etc/centrifydc/group.ignore file, please run:

     
 /usr/share/centrifydc/adedit/adsyncignore --target group

After running any of the above scripts you must run the adreload command for the CentrifyDC adclient to pick up the changes above:
   #/usr/share/centrifydc/libexec/adreload


Please see Centrify Server 2015.1 release notes for details:
https://docs.centrify.com/en/css/suite2015/2015.1-release-notes/DirectControl-Release-Notes.html


 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

No related Articles