Thanks
A couple of followup questions.
1. When you say normal 90minute refresh rules apply to authentication related policies, I assume you are referring to something like https://msdn.microsoft.com/en-us/library/ms812018.aspx ? So I assume even an adclient running on Linux will honour this refresh cycle? One very specific question in this. When I reset a password directly in AD "Active Directory Users and Computers > Domain > Users > particular user > Right click and 'Reset Password' ", does this get refreshed as a part of this policy-refresh? Even on windows, a "gpupdate /force" does not seem to refresh it and I remember keeping a VPN connected on a linux-adclient machine for 3-4 hours and it still used old credentials when I was logging it. Hence checking.
2. Your suggestion of a devops tool like puppet/ansible for config settings makes perfect sense. Just for my understanding : If and when we move from Express to a licensed version, how would these config settings look like in the UI? Would there be the regular settings for WIndows clients (like what I wrote for screenlock in the above post) and a separate one which uses Centrify GPO for non-windows or would there just be one set of policies under Centrify Settings which would be translated by adclient even on windows machines ? I assume its latter but just confirming.
Thanks,
Vikram