I'm confused then as to how the local profile and folders are built when an AD account authenticates to a laptop with Centrify Express installed.
UNIX/Linux systems have a framework called Pluggable Authentication Module or PAM. PAM modules do account, authentication, password, and session-related tasks. The names are self-explanatory.
The session module has the responsibility of setting-up the user's environment, that includes setting their home directory.
More info here: https://en.wikipedia.org/wiki/Linux_PAM (plus all around the web).
I 'rm' the home directory a new one will get built when the user next logs in?
Yes, you are correct.
Basically, I need to ignore the "Users & Accounts" UI completely when dealing with an AD-authenticated account on the Linux workstation?
It depends. Users and Accounts is for local. AD users belong to a centralized directory service.
Let's reload here...
What do you want to accomplish?
- If you want to delete a user account, speak to your Active Directory administrator.
- If you want to prevent a user from logging-in to a specific system (or group of systems), we have the best solution in the market: Centrify Intrastructure Service. It also works on Windows and provides MFA, Identity Management, Privilege Elevation, Session Capture, Password Vaulting, DevOps capabilities, the best PS and awesome support, docs and community, etc.
Give us what you want to accomplish without any technical details and let's see how we can help.
R.P