Show effective user rights for a specific computer populates blank
Applies to: Centrify DirectManage Suite 2016.1 (5.3.1) on all OS versions
Problem: Show effective user rights for a computer within Access Manager shows empty / no users.
Cause: This issue may occur when there are duplicate computer role/zone objects housed in Active Directory.
Resolution: Determine if there are any duplicate msDS-AzScope objects. The CN will likely be unique, however duplicates may be tracked via the value contained within the msDS-AzScopeName attribute of the objects.
An easy method for checking for duplicate objects is to run an ldap search to print the msDS-AzScopeName for msDS-AzScope objects within the domain (must be run as root): # /usr/share/centrifydc/bin/ldapsearch -QLLLrm "(objectClass=msDS-AzScope)" msDS-AzScopeName
Once duplicate objects have been discovered, open ADSIedit or ADUC with 'View>Advanced Features' enabled. Navigate to the duplicate msDS-AzScope location and delete the older msDS-AzScope object that is the duplicate.
Test show effective user rights for problematic computer.