Applies to: All supported versions of DirectControl
Question: Is Windows 2012 SID compression supported by Centrify DirectControl?
Answer: SID compression is supported as of DirectControl 5.2.1 (Suite 2014.1).
Windows 2012 has a new Kerberos feature, "SID compression". It relieves the PAC overflow problem for users who belong to a large number of groups. A new attribute, "ResourceGroupIds", is introduced to hold principal SIDs in the new compressed form (just the RID).
Note: Resource SID compression is on by default on Windows 2012 and higher; however, you can disable it.
To disable resource SID compression on a Windows Server 2012 KDC, use the "DisableResourceGroupsFields" registry value under the HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kdc\Parameters registry key. This registry value has a DWORD registry value type. Setting the registry value to 1 completely disables resource SID compression. The KDC reads this configuration when building a service ticket. With the bit enabled, the KDC does not use resource SID compression when building the service ticket.
This setting disables resource SID compression only on the individual Windows Server 2012 domain controller (KDC) where it is applied. You must apply this setting to each Windows Server 2012 domain controller to ensure the domain controllers do not issue tickets that use resource group SID compression.
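Because the value has to be present on every domain controller, it helps to audit all of them in one pass. The following script is an added example, not Centrify or Microsoft code. It assumes the RSAT ActiveDirectory module is installed, PowerShell remoting is enabled on the domain controllers, and the caller has administrative rights on them; the -Disable switch is this example's own parameter.

```powershell
# Added example: report DisableResourceGroupsFields on every domain controller,
# and optionally set it to 1 where it is missing or has another value.
# Assumptions: ActiveDirectory module, PowerShell remoting, admin rights on the DCs.
param(
    [switch]$Disable   # hypothetical switch: also write the value, not just report it
)

Import-Module ActiveDirectory

# Registry key and value name as given in this article.
$keyPath   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kdc\Parameters'
$valueName = 'DisableResourceGroupsFields'

# Runs on each DC: read the value, optionally set it, return the resulting state.
$check = {
    param($Path, $Name, $Set)
    $current = $null
    if (Test-Path $Path) {
        $current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    }
    if ($Set -and $current -ne 1) {
        if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value 1 -Force | Out-Null
        $current = 1
    }
    [pscustomobject]@{ Value = $current; CompressionDisabled = ($current -eq 1) }
}

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    $row = [ordered]@{
        DomainController    = $dc.HostName
        OperatingSystem     = $dc.OperatingSystem
        Value               = $null
        CompressionDisabled = $null
        Error               = $null
    }
    try {
        $r = Invoke-Command -ComputerName $dc.HostName -ScriptBlock $check `
             -ArgumentList $keyPath, $valueName, $Disable.IsPresent -ErrorAction Stop
        $row.Value               = $r.Value
        $row.CompressionDisabled = $r.CompressionDisabled
    } catch {
        # An unreachable DC is reported rather than skipped, so gaps stay visible.
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}

$results | Format-Table -AutoSize
```

A domain controller that shows an empty Value or a populated Error column has not been confirmed as configured and needs to be checked by hand.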
Centrify Corporation does not take any responsibility for the content or availability of this link; it was provided as a courtesy. Customers should contact the vendor if there are any further questions.