KB-7104: Changes made to Centrify-managed local users do not take effect when ADUC or ADSI Edit is used

Tips for finding Knowledge Articles

- Enter just a few key words related to your question or problem
- Add Key words to refine your search as necessary
- Do not use punctuation
- Search is not case sensitive
- Avoid non-descriptive filler words like "how", "the", "what", etc.
- If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
- Minimum supported Internet Explorer version is IE9

Home >

KB-7104: Changes made to Centrify-managed local users do not take effect when ADUC or ADSI Edit is used

Product:

Published:

30 June,16 at 03:50 PM

Rating:

Applies to:

Centrify Server Suite 2016 and later (DirectControl 5.3.0+).

Problem:

The admanagelocal command does not reload local user information after updating local user attributes through AD Users and Computers or ADSI Edit.

[root@centos67 ~]# admanagelocal -u -l all
TestLocaluser1:x:55555:55555:Test Local:/home/testlocaluser1:/bin/bash:enabled
[root@centos67 ~]# admanagelocal -R
[root@centos67 ~]# admanagelocal -u -l all
TestLocaluser1:x:55555:55555:Test Local:/home/testlocaluser1:/bin/bash:enabled

Cause:

The admanagelocal -R option checks the local user's container's time stamp for changes. If the time stamp is the same as that of cache, it uses cached data instead.
When a field is edited through ADUC or ADSI Edit, the container's time stamp is unchanged. Because of this, admanagelocal uses cached data.

Resolution:

Please use Access Manager or adedit to update local users' information.
'admangelocal -R -p -f' can also be used to force it to read from AD.
For example:

[root@centos67 ~]# admanagelocal -u -l all
TestLocaluser1:x:55555:55556:Test Local:/home/testlocaluser1:/bin/bash:enabled
[root@centos67 ~]# admanagelocal -R -p -f
[root@centos67 ~]# admanagelocal -u -l all
TestLocaluser1:x:88888:88888:Test Local:/home/testlocaluser1:/bin/bash:enabled