find-generic-password /Active Directory/DOMAINAME Equivelent for Centrify
05-08-2017 10:51 AM
I did actually have an open ticket with Centrify to work on that issue with the back end way of doing thing. But you are right about the long run. It may not be impemented until later in the year. I didn't really get a timeframe on completion. Hoping to have a quicker temporary solution to help with the constant problems we are seeing now.
The options you suggest do sound foregin to me so I may need a little more walkthrough steps to test that.
I feel like I'm close with the script I'm using now if I can just figure out how to get the /CentrifyDC item back in keychain for the machines it has been removed on without having to do a manual unbind and then rebind again.
I was able to replicate a cause of /CentrifyDC being removed for testing. If on a Centrify Bound machine you go into terminal and type "sudo systemkeychain -vfcC" it blows away the keychain and recreates everying and then adgpupdate brings all the certs back and everything. But the /CentrifyDC object is missing after that.
06-05-2017 02:44 AM
Just wanted to let you know that the access control feature is now available in Suite 2017.1:
Please note that you will need to upgrade the agent to 2017.1 verion and also the group policy template. If you need any assistance on this, please file a ticket to Support and one of our Support engineer could help you out. Thanks.
06-06-2017 08:19 AM
Thanks for letting me know. I installed the 2017.1 version but I don't see the new keys available under "Public Key Policies" yet. I confirmed 126.96.36.1999 is the installed version of the Group Policy Management Editor Exenstion and the ADUC exension. Is there another component I need to see the new keys?
The only ones that show are Do not Allow private key to be extractable & Store Private and public key in keychain only.
06-06-2017 08:23 AM
You will also need to update the template. Please find the details on how to update the template in below KB article:
Hope this helps.