This article describes the steps to restrict the Centrify connector so that it performs object searches only within the forest where the connector is installed. Additional forests that maintain a 2-way trust with the forest where the connector is installed will not be searched and will not process authentication.
Applies to: Centrify Identity Service, App Edition
Is it possible to configure the Centrify connector to perform object lookup only within the forest where it is installed?
By default, the Centrify connector service can search objects within all forests that maintain a transitive 2-way trust. When an administrator needs to limit connector search to only the primary forest where the connector service is installed, the registry value below can be added to each connector host.
To restrict trusted forest search, add the following registry settings:
1. On the host where the Centrify connector(s) is/are installed, open regedit.exe.
2. Navigate to the key at:
3. Right-click in the white space, click "New > DWORD (32-bit) Value" and give it the name:
"AD.DiscoverFromTrustedForests" (without quotes)
4. Open the new registry value to update it. Set the value to "0" (without quotes) to disable trusted forest search or "1" (without quotes) to enable trusted forest search.
5. After adding the registry value or updating it, the connector service must be restarted for the changes to take effect. Stop and restart the Centrify connector service using one of the methods below:
a. Using Centrify Cloud Connector Configuration Wizard:
b. Using Services.msc or MMC snap-in available via Administrative Tools:
6. Repeat these steps on each connector host in all forests, if applicable.
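The steps above can also be applied and verified across several connector hosts from PowerShell. This is an added example, not Centrify's own tooling: it assumes PowerShell remoting is enabled on the hosts, and the parameters $ConnectorHosts, $ConnectorKeyPath and $ServiceName are hypothetical names for values you supply, because this page does not show the key path from step 2 or the service name.

```powershell
# Added example (not Centrify tooling). Key path and service name are NOT taken
# from the article; pass the real values for your installation.
param(
    [Parameter(Mandatory)] [string[]] $ConnectorHosts,    # hosts running the connector
    [Parameter(Mandatory)] [string]   $ConnectorKeyPath,  # key from step 2, as an HKLM:\... path
    [Parameter(Mandatory)] [string]   $ServiceName,       # service name as shown in Services.msc
    [ValidateSet(0, 1)]    [int]      $Desired = 0        # 0 = disable trusted forest search
)

$valueName = 'AD.DiscoverFromTrustedForests'

$results = Invoke-Command -ComputerName $ConnectorHosts -ScriptBlock {
    param($KeyPath, $Name, $Want, $Svc)

    # A missing key means the path is wrong or the connector is not installed:
    # report it instead of creating a key the connector will never read.
    if (-not (Test-Path -Path $KeyPath)) {
        return [pscustomobject]@{ Computer = $env:COMPUTERNAME; Status = 'KeyNotFound'; Value = $null }
    }

    # Read the value only if it exists as a DWORD; a string "0" does not count.
    $key     = Get-Item -Path $KeyPath
    $isDword = ($key.GetValueNames() -contains $Name) -and ($key.GetValueKind($Name) -eq 'DWord')
    $current = if ($isDword) { $key.GetValue($Name) } else { $null }

    $status = 'AlreadySet'
    if ($current -ne $Want) {
        New-ItemProperty -Path $KeyPath -Name $Name -PropertyType DWord -Value $Want -Force | Out-Null
        # Step 5: the connector reads the setting only after a service restart.
        Restart-Service -Name $Svc -ErrorAction Stop
        $status = 'Updated'
    }

    # Re-read from the registry so the report shows what is actually stored.
    $stored = (Get-ItemProperty -Path $KeyPath -Name $Name).$Name
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Status = $status; Value = $stored }
} -ArgumentList $ConnectorKeyPath, $valueName, $Desired, $ServiceName

# One row per host; anything other than Value = $Desired needs a follow-up.
$results | Sort-Object Computer | Format-Table Computer, Status, Value -AutoSize
```

Hosts that report AlreadySet are not restarted, so the script can be re-run later as a check that the setting has not drifted.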