Enable user lookup and login by CN

Specify whether you want to allow users to be found by their common name (cn) attribute.

By default, Centrify DirectControl Agent allows users to log in using their UNIX profile name, Active Directory displayName, or Active Directory cn attribute. However, allowing users to log on using these additional attributes can require Centrify DirectControl Agent to perform multiple searches to locate a user account in Active Directory. In environments with domain controllers under heavy load or with large user populations, searching Active Directory multiple times may negatively impact performance.

If you want to prevent Centrify DirectControl Agent from attempting to access user information by the common name, you can disable this policy.

This group policy modifies the adclient.user.lookup.cn setting in the Centrify DirectControl configuration file.

Supported on:

Registry Path: Software\Policies\Centrify\CentrifyDC\Settings\Timeouts
Value Name: adclient.user.lookup.cn
Value Type: REG_SZ
Enabled Value: true
Disabled Value: false

Skip items whose partial path matches

Registry Path: Software\Policies\Centrify\CentrifyDC\Settings\Timeouts
Value Name: {number}
Default Value:

