Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-9454: Active Directory users no longer have access to assigned applications.

Centrify Identity Service, App Edition ,  

14 November,17 at 12:52 AM

Issue: Active Directory users no longer have access to an application that was previously assigned.






Cause: The Centrify Connector does not have the permissions to search the user's group membership or cannot locate the user's value for the ‘tokenGroupsGlobalAndUniversal’ property.







Resolution: Complete the following steps to give the Centrify Connector permission to search for the user’s group membership or locate the value for the ‘tokenGroupsGlobalAndUniversal’ property:
 
  1. In ADUC, go to the 'Builtin' container.
  2. Look for the “Pre-Windows 2000 Compatible Access Security” and/or “Windows Authorization Access Group” group.
  3. Under the Members tab, click on Add.
  4. Make sure the Object Type has ‘Computers’ selected.
  5. Search for and add the host name of each Connector.
  6. Complete these steps on all domain controllers.
  7. Restart the Connector service on each machine after making the changes.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.