Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-6389: Failed to query 1-way forest trust user after the user is added to existing AD Group with login/listed role assigned

Centrify DirectControl ,  

12 April,16 at 10:39 AM

Applies to:  CDC 5.2.3-429 on RHEL 6.6 x86_64

For an Active Directory user from one-way cross forest outbound trust, if the user's role assignment is added or removed after the complete zone user's profile is cached by DirectControl Agent, the user's profile is never expired in the cache and the user is not shown up or removed from the UNIX machine.

The user's profile is never expired in the cache​

It can be fixed by flushing the local cache: adflush –e
/etc/centrifydc/centrifydc.conf file and make sure parameter is below:

adclient.cache.object.lifetime: 1 

This has been fixed in Suite 2016


Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.