This group policy specifies whether Centrify DirectControl Agent should switch its ldap binding to different domain controller in the preferred site periodically.
Binding to a different domain controller in the same site periodically can help to facilitate load balancing between the domain controllers.
After switching to a different domain controller, Centrify DirectControl Agent has to rebuild its cache entirely from AD; and if there are many machines joined to a large domain, enabling this group policy could have adverse impact on the domain controllers.
If you select Enabled for this group policy, the Centrify DirectControl Agent will attempt to connect to another domain controller in the preferred site when the period specified by adclient.binding.refresh.interval setting in the Centrify DirectControl configuration file has expired.
If this group policy is not configured, the default value is Disabled, that is the ldap binding will not be refreshed periodically after switching to the closest site.
This group policy modifies the adclient.binding.refresh.force parameter in the Centrify DirectControl configuration file.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\Timeouts |
Value Name | adclient.binding.refresh.force |
Value Type | REG_SZ |
Enabled Value | true |
Disabled Value | false |
Delete mobile accounts at specified time after user's next login:
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\Timeouts |
Value Name | adclient.binding.refresh.force |
Value Type | REG_DWORD |
Default Value | 5 |
Min Value | 0 |
Max Value |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\Timeouts |
Value Name | adclient.binding.refresh.force |
Value Type | REG_DWORD |
Default Value | 1 |
True Value | 1 |
False Value | 0 |