Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-7553: How to restrict the Centrify connector to only search forest where installed

Centrify Identity Service, App Edition ,  

18 October,16 at 10:17 PM

Applies to: Centrify identity Service, App Edition


Is it possible to configure the Centrify connector to perform object lookup only within the forest where installed?


By default, the Centrify connector service can search objects within all forests that maintain a transitive 2-way trust. When an Administrator needs to limit connector search to only the primary forest where the connector service is installed, the below registry key can be added to each connector host.

Note: For Information on restricting connector search to specific Domain Controllers, please refer to the following article: KB-5921: How to configure restricted or preferred domain controller lookups for the Centrify Cloud Connector

To restrict trusted forest search, add the following registry settings:

1. On the host where the Centrify connector(s) is/ are installed, open regedit.exe

2. Navigate to the key at:


3. Right click in the white space and click "New > DWORD (32 bit) Value" and give name:

          "AD.DiscoverFromTrustedForests" (without quotes)

User-added image

4. Open the new registry key to update the value, Set value to "0" (without quotes) to disable trusted forest search or "1" (without quotes) to enable trusted forest search.

User-added image

5. After adding the registry key or updating the key value, the connector service must be restarted for the new changes to take effect. Stop and Restart the Centrify connector service using one of the below methods:

a. Using Centrify Cloud Connector Configuration Wizard:

User-added image   

User-added image

b. Using Services.msc or MMC snap-in available via Administrative Tools:

User-added image

6. Repeat these steps on each Connector host in all forests, if applicable

For additional information not covered in this guide or troubleshooting assistance, please review Centrify Online Help or visit the Customer Support Portal at

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.