AD user primary group
3 weeks ago
I need to change the local primary group of a couple of AD service accounts. Changing the primary group in AD is not an option. I've read some previous posts and found this to be the most promising. https://community.centrify.com/t5/Centrify-Express/Map-AD-group-to-local-Linux-group-with-Centrify-E...
Has anyone had success doing this?
This functionality is not available in the free version of Centrify, correct?
Solved! Go to Solution.
3 weeks ago
Welcome to the Centrify community.
The UNIX identity in Express/Workstation mode is auto-generated.
- login is the AD users's samaccountname. For groups, name is the samaccountname.
- UID is generated using either the Centrify or Apple algorithms with the object's SID.
- Primary Group GID - same as above.
- GECOS is the user's Display Name.
- home and shell directory are the default for the OS. Since Express is only available on Linux: /home/user and /bin/bash
The commercial versions support full identity management or the overrides.
Supports the following schemas: RFC2307, SFU, Centrify Standard, etc.
Management is via GUI/MMC, PowerShell, adedit (UNIX/TCL), etc.
The post you referenced is from 2012. Back then, the local overrides were supported in Express, unfortunately these capabilities were removed in the summer of 2014 due to abuse.