Welcome to the Centrify Express forums.
The current community-supported version of Centrify Express is 5.3+ (please update).
Please provide your operating system and version (e.g. Red Hat Linux 7.2).
Please confirm the mode of operation (adinfo --zone).
If you're in express mode, ALL your AD users from the local domain or any trusted domains will be visible. Centrify Express won't work for users in a one-way trust on the "trusting" side (this is an AD design principle, you can't go against the access arrow).
The users that are visible in your system can be viewed using the "adquery user" command. The groups are visible by using "adquery group" (you can also use NSS commands like getent passwd or getent group).
Cache
The object cache is refreshed by default every 3600 seconds. This is so our client does not stress domain controllers. This means that provided that your replication is working well, it could take up to an hour until a user is visible/usable. However, you have the adflush and adobjectrefresh commands that you can trigger if you need the user to be available right away.
Examples:
use case # 1: you add a new user called bart (or modify user attributes) and you want the client to go and get those changes right away
$ sudo adflush
$ dzdo adflush -V
Options
------------
force: no
verbose: yes
auth: yes
dns: yes
object: no
object guid: <null>
Flushing Cache ...
DNS cache flushed successfully.
Authorization cache store flushed successfully.
GC and DC caches expired successfully.
Started executing Post-command-hook /usr/sbin/daflush
The auditing service's name cache has been successfully flushed.
The DirectAudit installation information cache has been successfully flushed.
Post-command-hook /usr/sbin/daflush exits with 0
$ adquery user bart
bart:x:1040191001:1040191001:Bart Simpson:/home/bart:/sbin/nologin
use case # 2: you add a new member to an existing group called software and you want to refresh the group membership
$ dzdo adobjectrefresh -g software -V
Options
------------
force: no
verbose: yes
ignoremembers: no
type: group
name: software
Actions
------------
flush: yes
refresh: yes
membership: yes
Refreshing object with membership ...
Object refreshed successfully. GUID: a4952c705e34e84f9ee1c801b92cee14
If you happen to be using our commercial product (and are posting in the wrong forum), remember that in order for a user to be 'visible' in a system, they need to have two things:
- They must be UNIX-enabled
- They must have a role that provides visibility or the ability to log in.
Some resources:
about the cache: http://centrifying.blogspot.com/2014/01/basics-centrify-agent-cache.html
about time: http://centrifying.blogspot.com/2014/06/troubleshooting-understanding-how-time.html
R.P