Set refresh interval for access control cache

Specify the maximum number of minutes to keep information from the authorization store cached before it expires. The default is 30 minutes.

The authorization store is an Active Directory object that stores the rights, roles, and role assignments DirectAuthorize uses to control access to dzdo privileged commands, dzsh restricted environments, and PAM-enabled applications. Because Centrify DirectControl Agent handles connecting to and retrieving information from Active Directory, this configuration parameter controls how frequently adclient retrieves the DirectAuthorize set of information from Active Directory if any such data has been modified in Active Directory.

After authorization store information is refreshed, if local account management feature is enabled, the local account profiles will be refreshed immediately after that. Hence, this parameter is also used in controlling sync interval of local account profiles from Active Directory to local passwd or group files.

This group policy modifies the adclient.azman.refresh.interval setting in the Centrify DirectControl configuration file. Since Centrify DirectControl Agent version 5.1.3, the setting is deprecated and superseded by the setting. So if you are using 5.1.3 or later, this group policy modifies the new setting instead.

Supported on:

Sync in the background
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Timeouts
Value Name
Default Value1
True Value1
False Value0


Administrative Templates (Computers)

Administrative Templates (Users)