
Re: identify the previous version installed from backup files


Welcome to the Centrify forum.

We are happy to point you in the right direction; however, based on the components listed, it looks like you are using, were using, or at least tried the commercial version of our software.

 

The most important thing to know is to find out if you are (or were) at some point a commercial customer and how much of a commercial deployment you have (instead of Express). The last thing you want is to discover that you thought you were using Express, you are not, and then a bunch of critical systems are not accessible because your restore did not take that into consideration.

 

With that said, several potential courses of action here:

  • If you are absolutely sure that you are using our software in Express mode AND are using current (5.4.x) Centrify Express clients, nothing needs to be done on the AD side (because in this type of deployment there are no "Centrify server components" needed). You can restore your AD environment without issues.
    Note: Restorations go different ways sometimes, and we don't know your FFL/DFL levels, but should you decide to go from a 2003 to a 2008/2012/2016 AD environment as part of your recovery, encryption levels will go up, and if you're running 5.0.2 agents, they won't be able to handle the upgrade in encryption levels. For that you have to be in 5.2 or above. A consideration for older agents may be the need to restart them or reset the system keytab (which resets the system's account AD password).
  • If you are not sure if you are using the commercial version, then the very first step is to find out. Judging from how old the versions listed are (5.0.2.x has been EOL for a year), it looks like this deployment wasn't kept up to date. Here's the importance and some comments around each component:
    • Common Component - not very important; as the name describes, it's a set of utilities/capabilities common to all Centrify components. This is not a "server" component, no major worry if it can't be restored.
    • Deployment Manager - this can be reinstalled and re-configured elsewhere. Some smaller shops use this freemium utility to distribute our software, but it's been replaced by tools like Chef, Puppet, or scripts leveraging the repo.
    • CDC ADUC extension - as the name says, this is an extension to ADUC. Since it's just a console, no major worry if it can't be restored.
    • CDC Console - has gone already through 2 name changes; it's now called Access Manager. Another console, can be installed on any domain-joined system. No worries here.
    • CDC Password Sync - this is very rarely used nowadays. Originally a "me too" capability, but in reality not widely adopted due to its need to be deployed in DCs. This is the only reason why you need to find out if you are using the commercial version. You would know if you have UNIX accounts (like root) that are mapped to a specific AD user and when the password is changed in AD, it's synced to UNIX systems.

Tips to find out if you're using the commercial version vs. express version:

  • Not all users and groups are visible in your UNIX, Linux or Mac systems.  (adquery user).
  • You have access to clients for OSs that are not offered in the Express program (like HP-UX).
  • You have a support account with access to the Download Center and your support contract is current.
  • Your systems are joined to a named "zone"  rather than Auto Zone  (adinfo --zone).
  • You needed to use the consoles to specifically grant access to users to UNIX/Linux systems.
  • There is a deployment playbook left behind by Centrify professional services.

 

What do you need to download?

If Express:

  • You may or may not have deployed Deployment Manager.  This is not a critical component for functionality (it's used for deployments).   You can download from the Express download page.
  • Clients - should you need updated clients. You can download from the Express download page.

Express page: https://www.centrify.com/express/linux/download/ (you'll have to fill in the form).

 

If commercial software:

(Note that the new product packaging includes our IDaaS platform and Vault).

Both links above require Customer Support Portal access.

 

What could have happened?

  • Your organization could have evaluated the commercial version and decided not to go with it but chose to roll out Express.  In that case the consoles are there because of this.  (I think this is the best outcome for quick recovery).
  • Your organization at some point was using the commercial version, and simply let your support lapse in favor of keeping the software running without the additional cost. In that case, you are likely to need some assistance to rebuild, plus you'll need to download current supported software. In that case, please discuss with support to get options. They'll have to study your deployment to give you the best course of action. This will definitely slow down your recovery.
  • Your organization chose to keep old "Express" agents prior to 5.2 (when due to abuse, we limited some features of the freemium version), because you wanted to retain the old functionality. In that case, the problem with that strategy has to do with due diligence. Any decent security practitioner knows that one of the most basic principles is to keep software up to date or at least patched. A lot has happened since 5.0.2 (released in Feb 2012). In that case, ideally all the agents have to be upgraded (especially if wanting to take advantage of newer Centrify and AD capabilities).

Finally, since this is likely to be read by people in the future, in the community there are resources that are useful:

 R.P
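
The zone and agent-version checks from the post above, as an added example that is not part of the original post and not Centrify code: it classifies hosts from collected `adinfo --zone` output and flags agents older than 5.2 before an AD restore. Assumptions: an Auto Zone join reports text containing "Auto Zone", and the host names, zone path and `host|zone|version` inventory format are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-restore triage of Centrify-joined hosts.

# Assumption: `adinfo --zone` prints text containing "Auto Zone" for an
# Auto Zone join; any other non-empty value is treated as a named zone,
# which the post lists as an indicator of a commercial deployment.
classify_zone() {
    case "$1" in
        "")            echo "unknown" ;;
        *"Auto Zone"*) echo "auto-zone" ;;
        *)             echo "named-zone" ;;
    esac
}

# Returns 0 if the agent version is below 5.2 (the post's minimum for the
# higher encryption levels of a newer AD), 1 if not, 2 if unparsable.
agent_below_5_2() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case "$1" in *.*) ;; *) minor=0 ;; esac
    case "$major" in ""|*[!0-9]*) return 2 ;; esac
    case "$minor" in ""|*[!0-9]*) return 2 ;; esac
    [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 2 ]; }
}

# Prints "<host> <zone class> <agent status>" for one host.
triage_host() {
    rc=0
    agent_below_5_2 "$3" || rc=$?
    case $rc in
        0) age="upgrade-agent" ;;
        1) age="agent-ok" ;;
        *) age="version-unknown" ;;
    esac
    echo "$1 $(classify_zone "$2") $age"
}

# Reads "host|zone output|agent version" lines from stdin.
triage_inventory() {
    while IFS='|' read -r host zone ver; do
        [ -z "$host" ] || triage_host "$host" "$zone" "$ver"
    done
}

# Constructed sample inventory (not real hosts).
triage_inventory <<'EOF'
web01|Auto Zone|5.4.0
db01|example.com/Centrify/Zones/Unix|5.0.2
hpux01||
EOF
```

Any host reported as `named-zone` or `unknown` is a reason to confirm the commercial-versus-Express question before restoring.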

