Centrify ADEdit is a command-line interface (CLI) utility that enables UNIX administrators to manage Centrify objects—such as zones, rights, and roles—in Microsoft Active Directory.

Here's a custom script that will help you change the shell on all the zone users at the same time:

#!/bin/env adedit
 
package require ade_lib
 
bind   
 
select_zone 
 
        foreach USER [get_zone_users] {
                select_zone_user $USER
                set_zone_user_field shell "%{shell}"
                save_zone_user
        }

Before you run it make sure to:

1. Specify the AD domain (in DNS format), Zone admin user and its password at line 5;

2. Specify the zone DN at line 7, see below how to retrieve this info:

3. Change the shell value at line 11 (for example set_zone_user_field shell "/bin/false");

4. Make sure to change the file permissions to allow execution (chmod +x file_name.sh).