Set sync mapped users

Synchronize the Active Directory password for local mapped users.

When you enable this policy for a mapped user, if the user changes their UNIX password with the passwd command, or with a similar command, PAM changes the password to match in the local UNIX account. In this way, if there are problems with the network, Active Directory, or adclient, local users can still log into the machine.

To log in as a local user, append @localhost to the username; for example, [email protected]

After enabling this policy, click Browse to search for users to add.

For this policy to work:

- The specified user must be a mapped user configured in centrifydc.conf with the pam.mapuser parameter.
- Either Centrify DirectControl Agent or Microsoft password synchronization service must be installed on all domain controllers.
- The zone to which the machine belongs must be configured to support agentless clients.

This group policy has no effect on Mac OS X.

This group policy modifies the pam.sync.mapuser setting in the Centrify DirectControl configuration file.

Supported on:

Run Commands

Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Login
Value Name{number}
Default Value


Administrative Templates (Computers)

Administrative Templates (Users)