KB-7493: User accont retaining rights after being removed from Active Directory group that allocated them

Tips for finding Knowledge Articles

- Enter just a few key words related to your question or problem
- Add Key words to refine your search as necessary
- Do not use punctuation
- Search is not case sensitive
- Avoid non-descriptive filler words like "how", "the", "what", etc.
- If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
- Minimum supported Internet Explorer version is IE9

Home >

KB-7493: User accont retaining rights after being removed from Active Directory group that allocated them

Product:

Auditing and Monitoring Service , Authentication Service ,

Published:

21 September,16 at 03:34 PM

Rating:

Applies to: All version of DirectControl and DirectAudit.

Problem:
An Active Directory group is created to give certain users admin rights on *nix servers and the group has been provisioned into Centrify. A user has been removed from the AD group, removal from the group in the zone is verified, but the user still has admin rights on *nix machines.

Cause:
After looking at the user's provisioned account, the group is listed as his primary group.

Resolution:
Changed the user's primary group to a group he is still a member of and ran adflush -f and adreload. The admin rights to *nix machines are now gone.

KB-7493: User accont retaining rights after being removed from Active Directory group that allocated them

PLATFORM

COMPANY

SERVICES

SUPPORT

COMMUNITIES

DEVELOPERS

RESOURCES

Related Articles

KB-7493: User accont retaining rights after being removed from Active Directory group that allocated them

Related Articles

PLATFORM

COMPANY

SERVICES

SUPPORT

COMMUNITIES

DEVELOPERS

RESOURCES