I did actually have an open ticket with Centrify to work on that issue with the back end way of doing thing. But you are right about the long run. It may not be impemented until later in the year. I didn't really get a timeframe on completion. Hoping to have a quicker temporary solution to help with the constant problems we are seeing now.
The options you suggest do sound foregin to me so I may need a little more walkthrough steps to test that.
I feel like I'm close with the script I'm using now if I can just figure out how to get the /CentrifyDC item back in keychain for the machines it has been removed on without having to do a manual unbind and then rebind again.
I was able to replicate a cause of /CentrifyDC being removed for testing. If on a Centrify Bound machine you go into terminal and type "sudo systemkeychain -vfcC" it blows away the keychain and recreates everying and then adgpupdate brings all the certs back and everything. But the /CentrifyDC object is missing after that.