Authentication Service, Auditing and Monitoring Service
000007493
A user was removed from an AD group that provided him with admin-level access but, even after running adflush and adreload, the user still had the admin rights to all *nix machines.
Applies to: All versions of DirectControl and DirectAudit.
Problem: An Active Directory group is created to give certain users admin rights on *nix servers and the group has been provisioned into Centrify. A user has been removed from the AD group, removal from the group in the zone is verified, but the user still has admin rights on *nix machines.
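Cause: The user's provisioned account lists the group as his primary group. Primary group membership comes from the account's profile, not from the group's member list, so removing him from the AD group does not take it away.
Resolution: Change the user's primary group to a group he is still a member of, then run adflush -f and adreload. The admin rights to *nix machines are then gone.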
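
The same condition can be checked for every account at once. The following is an added example, not Centrify code or part of the original article: it lists users whose primary GID is a given group but who are not in that group's member list, reading saved `getent passwd` and `getent group` output. The function names, file layout and sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find accounts that keep a group's rights through their
# primary GID although they are absent from the group's member list.
# Input files are in getent(1) passwd/group format.

# primary_gid_holdovers GROUP PASSWD_FILE GROUP_FILE
# Prints one user name per line.
primary_gid_holdovers() {
    grp=$1; passwd_file=$2; group_file=$3
    awk -F: -v grp="$grp" '
        # First file (group database): record GID and members of grp.
        FNR == NR {
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) member[m[i]] = 1
                found = 1
            }
            next
        }
        # Second file (passwd database): field 4 is the primary GID.
        found && $4 == gid && !($1 in member) { print $1 }
    ' "$group_file" "$passwd_file"
}

# Constructed sample data: bob was removed from unixadmins' member list,
# but unixadmins (GID 5000) is still his primary group.
write_sample() {
    dir=$1
    cat > "$dir/group" <<'EOF'
unixadmins:x:5000:alice
staff:x:5001:alice,bob,carol
EOF
    cat > "$dir/passwd" <<'EOF'
alice:x:10001:5001:Alice:/home/alice:/bin/bash
bob:x:10002:5000:Bob:/home/bob:/bin/bash
carol:x:10003:5001:Carol:/home/carol:/bin/bash
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
primary_gid_holdovers unixadmins "$tmp/passwd" "$tmp/group"
rm -rf "$tmp"
```

Any name it prints for an admin group is an account whose primary group must be changed before removal from the member list takes effect.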