Specify AD users allowed in Auto Zone

Specify the Active Directory users to be included in Auto Zone.

By default all Active Directory users are included in the Auto zone. When you enable this policy, the users specified and members of the groups specified in "Specify groups of AD users allowed in Auto Zone" are able to log in using their Active Directory account.

You specify users by name or you can list the user names in a file. The user name can be specified in any of the following formats:
- SAM account name: [email protected]
(specify the domain if the account is not in the current domain)
- User Principal Name: [email protected]
- NTLM: DOMAIN+sAMAccountName
- Full DN: CN=commonName,...,DC=domain_component,DC=domain_component
- Canonical Name: domain.com/container/cn

If a name contains space characters, you can put the name in double quotes or escape the space characters using backslashes:
e.g. "Krusty T. Clowns", Jane\ Doe

adclient writes any name that is not recognized to the Centrify DirectControl log file.

You can enter the list of users separated by comma, for example:
joe, janedoe, user1, [email protected], DOMAIN+user3, CN=user4\,CN=Users\,DC=domain\,DC=com, domain.com/Users/user5

You can also use a file to specify users. In the file, enter each name line by line. You can mix name formats, for example:
joe
janedoe
user1
[email protected]
DOMAIN+user3
CN=user4,CN=Users,DC=domain,DC=com
domain.com/Users/user5

This policy modifies the auto.schema.allow.users setting in the Centrify DirectControl configuration file.

Supported on:

Skip items whose name contains

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Adclient
Value Name{number}
Value TypeREG_DWORD
Default Value

centrifydc_settings.admx

Administrative Templates (Computers)

Administrative Templates (Users)