A customer raised this question as he's setting up a way to manage the lifecycle of his computers and thought these would be useful to know about when updating or doing maintenance on the machines.
Applies to: All version of DirectControl
Question: What computer account attributes are managed by Centrify at join time and on an ongoing basis?
Answer: On an ongoing basis, Centrify does the following: (1) monitors the computer account password and, every 28 days, adclient will try to change it. (2) on adclient start up, and at intervals, adclient will update the following computer objects:
operatingSystem
operatingSystemVersion
operatingSystemServicePack
postalAddress
(3) There is one additional attribute that is consistently monitored:
msds-SupportedEncryptionType
This will be updated when the Domain Functional Level is raised from Windows Server 2003 to Windows Server 2008 and up. Its function is to to add or enable AES128 and AES256 support.