Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-9622: Active Directory user no longer has permissions to access an application that was previously assigned.

App Access Service ,  

28 December,17 at 05:47 PM

Issue:

An Active Directory user no longer has permissions to access an application that was previously assigned. 







Cause:

The Centrify Connector does not have the permissions to search the security groups or the user object does not have a value for the ‘tokenGroupsGlobalAndUniversal’ property. 







Resolution:

Completed the following steps to give the Centrify Connector to search for user’s group membership: 

1. In ADUC, go to Builtin container

2. Look for the “Pre-Windows 2000 Compatible Access Security” and/or “Windows Authorization Access Group” group

User-added image

3. Under the Members tab, click on Add

User-added image

4. Make sure the Object Type has ‘Computers’ selected

User-added image

5. Search for and add the hostname of each Connector

User-added image

6. Complete these steps on all domain controllers

7. Restart the Connector service after making the changes

User-added image

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.