AD user primary group

Showing results for 
Search instead for 
Do you mean 
Participant II
Posts: 3
Registered: ‎12-20-2018
#1 of 3 266
Accepted Solution

AD user primary group

I need to change the local primary group of a couple of AD service accounts.  Changing the primary group in AD is not an option.  I've read some previous posts and found this to be the most promising.


Has anyone had success doing this?

This functionality is not available in the free version of Centrify, correct?

Centrify Guru I
Posts: 2,452
Registered: ‎07-26-2012
#2 of 3 264

Re: AD user primary group

@Moto ,


Welcome to the Centrify community.

The UNIX identity in Express/Workstation mode is auto-generated.


  • login is the AD users's samaccountname.  For groups, name is the samaccountname.
  • UID is generated using either the Centrify or Apple algorithms with the object's SID.
  • Primary Group GID -  same as above.
  • GECOS is the user's Display Name.
  • home and shell directory are the default for the OS.  Since Express is only available on Linux:  /home/user and /bin/bash


The commercial versions support full identity management or the overrides.

Supports the following schemas:  RFC2307, SFU, Centrify Standard, etc.


Management is via GUI/MMC, PowerShell, adedit (UNIX/TCL), etc.



The post you referenced is from 2012.  Back then, the local overrides were supported in Express, unfortunately these capabilities were removed in the summer of 2014 due to abuse.



Want to learn more about practical Centrify examples? Check out my blog at
Follow Centrify:
Participant II
Posts: 3
Registered: ‎12-20-2018
#3 of 3 258

Re: AD user primary group

Thank you for the prompt reply.  I have requested a quote for the standard version so we can embrace this functionality.  :)