Specify the Active Directory groups to include in the Auto Zone.
By default all Active Directory groups are included. When you specify one or more groups in this parameter, the groups specified are assigned a group ID on this computer.
Note: If an Active Directory user specified in "Specify AD users allowed in Auto Zone" is a member of a group and that group is NOT specified in "Specify AD groups allowed in Auto Zone", that group is ignored.
Any groups listed under "Specify AD groups allowed in Auto Zone" can be domain local, global or universal groups. They must be security groups; however, distribution groups are not supported.
You specify each group by name or you can list the groups in a file. The group name can be specified in any of the following formats:
- SAM account name: [email protected]
(specify the domain if the group is not in the current domain)
- User Principal Name: [email protected]
- NTLM: DOMAIN+sAMAccountName
- Full DN: CN=commonName,...,DC=domain_component,DC=domain_component
- Canonical Name: domain.com/container/cn
If a name contains space characters, you can put the name in double quotes or escape the space characters using backslashes:
e.g. "Domain Admins", Domain\ Users
adclient writes any name that is not recognized to the Centrify DirectControl log file.
You can enter the list of groups separated by comma, for example:
centrify_groups, "Domain Admins", Domain\ Users, group1, [email protected], DOMAIN+group3, CN=group4\,CN=Users\,DC=domain\,DC=com, domain.com/Users/group5
You can also use a file to specify groups. In the file, enter each name line by line. You can mix name formats, for example:
centrify_users
"Domain Admins"
Domain Users
group1
[email protected]
DOMAIN+group3
CN=group4,CN=Users,DC=domain,DC=com
domain.com/Users/group5
This policy modifies the auto.schema.groups setting in the Centrify DirectControl configuration file.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\Adclient |
Value Name | {number} |
Value Type | REG_DWORD |
Default Value |