Specify AD groups allowed in Auto Zone

Specify the Active Directory groups to include in the Auto Zone.

By default all Active Directory groups are included. When you specify one or more groups in this parameter, the groups specified are assigned a group ID on this computer.

Note: If an Active Directory user specified in "Specify AD users allowed in Auto Zone" is a member of a group and that group is NOT specified in "Specify AD groups allowed in Auto Zone", that group is ignored.

Any groups listed under "Specify AD groups allowed in Auto Zone" can be domain local, global or universal groups. They must be security groups; however, distribution groups are not supported.

You specify each group by name or you can list the groups in a file. The group name can be specified in any of the following formats:
- SAM account name: [email protected]
(specify the domain if the group is not in the current domain)
- User Principal Name: [email protected]
- NTLM: DOMAIN+sAMAccountName
- Full DN: CN=commonName,...,DC=domain_component,DC=domain_component
- Canonical Name: domain.com/container/cn

If a name contains space characters, you can put the name in double quotes or escape the space characters using backslashes:
e.g. "Domain Admins", Domain\ Users

adclient writes any name that is not recognized to the Centrify DirectControl log file.

You can enter the list of groups separated by comma, for example:
centrify_groups, "Domain Admins", Domain\ Users, group1, [email protected], DOMAIN+group3, CN=group4\,CN=Users\,DC=domain\,DC=com, domain.com/Users/group5

You can also use a file to specify groups. In the file, enter each name line by line. You can mix name formats, for example:
centrify_users
"Domain Admins"
Domain Users
group1
[email protected]
DOMAIN+group3
CN=group4,CN=Users,DC=domain,DC=com
domain.com/Users/group5

This policy modifies the auto.schema.groups setting in the Centrify DirectControl configuration file.

Supported on:

Skip items whose full path matches

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Adclient
Value Name{number}
Value TypeREG_DWORD
Default Value

centrifydc_settings.admx

Administrative Templates (Computers)

Administrative Templates (Users)