Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-7104: Changes made to Centrify-managed local users do not take effect when ADUC or ADSI Edit is used

30 June,16 at 03:50 PM


Applies to: 

Centrify Server Suite 2016 and later (DirectControl 5.3.0+). 


Problem: 

The admanagelocal command does not reload local user information after updating local user attributes through AD Users and Computers or ADSI Edit. 
  
[root@centos67 ~]# admanagelocal -u -l all
TestLocaluser1:x:55555:55555:Test Local:/home/testlocaluser1:/bin/bash:enabled
[root@centos67 ~]# admanagelocal -R
[root@centos67 ~]# admanagelocal -u -l all
TestLocaluser1:x:55555:55555:Test Local:/home/testlocaluser1:/bin/bash:enabled

Cause: 

The admanagelocal -R option checks the local user's container's time stamp for changes. If the time stamp is the same as that of cache, it uses cached data instead. 
When a field is edited through ADUC or ADSI Edit, the container's time stamp is unchanged. Because of this, admanagelocal uses cached data. 


Resolution: 

Please use Access Manager or adedit to update local users' information. 
'admangelocal -R -p -f' can also be used to force it to read from AD. 
For example: 
  
[root@centos67 ~]# admanagelocal -u -l all
TestLocaluser1:x:55555:55556:Test Local:/home/testlocaluser1:/bin/bash:enabled
[root@centos67 ~]# admanagelocal -R -p -f
[root@centos67 ~]# admanagelocal -u -l all
TestLocaluser1:x:88888:88888:Test Local:/home/testlocaluser1:/bin/bash:enabled

 

Related Articles

 articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-3925: How to add Centrify parameter to a group policy articleKB-0493: Unix user's attributes for standard RFC 2307 zone type are not visible in ADSI Edit articleHow to use the Centrify PowerShell Module to Automate Access and Privilege Operations articleKB-2589: How to look for Service Connection Point (SCP) object in Active Directory using ldapsearch after doing a precreate articleKB-1849: How to configure NFSv4 with Kerberos articleKB-24225: In Centrify Infrastructure Services 19.6 adclient.cloud.connector fails to use the specified connector articleKB-5205: Device enrollment fails even when using a service account with full permissions to run the Cloud Connector article[Labs] Securing Windows Servers with Centrify Infrastructure Service - Local Password Management