Welcome to the Centrify community forums.
Rapid fire answers:
- Is this "tatoo" error anything I should be concerned about? How do I fix it?
Our apologies for the curious message, the simple explanation is that adleave attempted to clear thesperating system and version information for its AD computer object prior to disabling it and it could not.
This is due to the SELF conditional object not having the proper permissions to write those attributes.
The KB below explains some of the attributes that the computer object should be able to modify. KB is a benefit of all current commercial customers. - How can I determine why this box became disconnected from the domain in the first place?
Just recently, we answered this for another poster: https://community.centrify.com/t5/Centrify-Express/Centrify-disconnected-in-MAC-e-Linux/m-p/30080#M10709 - Why did the krb5.keytab disappear? Why didn't "adkeytab" work?
Hard to know without access to the system or a change control log (human interention? DevOps solution?)
======================
KB-8453: What computer account attributes are managed by Centrify at join time and on an ongoing basis?
Centrify DirectControl ,
30 March,17 at 03:28 PM
Applies to:
All version of DirectControl
Question:
What computer account attributes are managed by Centrify at join time and on an ongoing basis?
Answer:
On an ongoing basis, Centrify does the following:
(1) monitors the computer account password and, every 28 days, adclient will try to change it.
(2) on adclient start up, and at intervals, adclient will update the following computer objects:
All version of DirectControl
Question:
What computer account attributes are managed by Centrify at join time and on an ongoing basis?
Answer:
On an ongoing basis, Centrify does the following:
(1) monitors the computer account password and, every 28 days, adclient will try to change it.
(2) on adclient start up, and at intervals, adclient will update the following computer objects:
- operatingSystem
- operatingSystemVersion
- operatingSystemServicePack
- postalAddress
- msds-SupportedEncryptionType