Specify AD users allowed in Auto Zone

Specify the Active Directory users to be included in Auto Zone.

By default all Active Directory users are included in the Auto zone. When you enable this policy, the users specified and members of the groups specified in "Specify groups of AD users allowed in Auto Zone" are able to log in using their Active Directory account.

You specify users by name or you can list the user names in a file. The user name can be specified in any of the following formats:
- SAM account name: [email protected]
(specify the domain if the account is not in the current domain)
- User Principal Name: [email protected]
- NTLM: DOMAIN+sAMAccountName
- Full DN: CN=commonName,...,DC=domain_component,DC=domain_component
- Canonical Name: domain.com/container/cn

If a name contains space characters, you can put the name in double quotes or escape the space characters using backslashes:
e.g. "Krusty T. Clowns", Jane\ Doe

adclient writes any name that is not recognized to the Centrify DirectControl log file.

You can enter the list of users separated by comma, for example:
joe, janedoe, user1, [email protected], DOMAIN+user3, CN=user4\,CN=Users\,DC=domain\,DC=com, domain.com/Users/user5

You can also use a file to specify users. In the file, enter each name line by line. You can mix name formats, for example:
[email protected]

This policy modifies the auto.schema.allow.users setting in the Centrify DirectControl configuration file.

Supported on:

Skip items whose name contains

Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Adclient
Value Name{number}
Default Value


Administrative Templates (Computers)

Administrative Templates (Users)