Active Directory users no longer have access to an application that was previously assigned.Cause:
The Centrify Connector does not have the permissions to search the user's group membership or cannot locate the user's value for the ‘tokenGroupsGlobalAndUniversal’
Complete the following steps to give the Centrify Connector permission to search for the user’s group membership or locate the value for the ‘tokenGroupsGlobalAndUniversal’
- In ADUC, go to the 'Builtin' container.
- Look for the “Pre-Windows 2000 Compatible Access Security” and/or “Windows Authorization Access Group” group.
- Under the Members tab, click on Add.
- Make sure the Object Type has ‘Computers’ selected.
- Search for and add the host name of each Connector.
- Complete these steps on all domain controllers.
- Restart the Connector service on each machine after making the changes.