How to skip LDAP probe for one-way trusted domain controller(s)
Background: Two domains are configured with a one-way trust. Domain A is the user domain. Domain B is the resource domain. Domain B trusts Domain A.
Problem: CentrifyDC on a machine in Domain B keeps trying to query Domain A via LDAP (port 389). How can this be prevented?
Solution: Starting with Suite 2016 (cdc 5.3.0), we have implemented a new parameter in /etc/centrifydc/centrifydc.conf to address this:
This configuration parameter specifies whether you want to prevent the agent from sending LDAP queries to outbound trust domains that do not have users in Centrify zones. If you set this parameter to true, the agent will only send network queries to outbound trust domains that have users in Centrify zones. If you are manually setting this parameter, the parameter value must be true or false. If the parameter is not explicitly defined in the configuration file or by group policy, its default value is false. Run 'adreload' for the new setting to take effect, then run 'adflush -t' to flush the trusted domain cache.
Note: There is another parameter in /etc/centrifydc/centrifydc.conf that can be used to prevent the agent from sending network queries to outbound trust domains.
This configuration parameter specifies a list of domains to exclude from the list of trusted domains. For example, you might want to exclude specific domains that are contained within a trusted forest. To specify domains to exclude, enter one or more domain names in FQDN format, separated by spaces. For example: