Performing cache operations

You must have administrator privileges to perform the cache operations described here. Available cache operations include:

  • Refreshing the cache (perform this operation from the user interface or the command line)
  • Flushing the cache (performed from the command line)
  • Dumping the cache (performed from the command line)

Refreshing the cache

As administrator, you can refresh the cache from the user interface or from the command line. Refreshing the cache updates the cache with fresh information from Active Directory, ensuring that the agent has the most up-to-date information about users’ current rights and roles.

Refreshing the cache is useful if you change authorization information with the management console, and you want to see the updated information on the Windows agent right away.

Note:   
In domains containing multiple domain controllers, you might not see the updated information even after you refresh the cache. In cases such as this, wait for Active Directory replication (typically a few minutes), and then refresh the cache again. Alternatively, wait another 10 minutes and the agent will refresh the data on its own.

You can refresh and flush the cache only on computers that are connected to a domain controller.

To refresh the cache from the user interface:

  1. Open the agent configuration panel by clicking Agent Configuration in the list of applications on the Windows Start menu.
  2. Click Centrify Privilege Elevation Service.
  3. Click Settings.
  4. Click the Troubleshooting tab.
  5. Click Refresh, then click OK to acknowledge the successful operation.

Note:   Alternatively, you can execute the dzrefresh command line utility to refresh the cache as described in the next section.

To refresh the cache from the command line:

Execute the dzrefresh command line utility to refresh the cache. Executing dzrefresh performs the same operation as clicking the Refresh button in the agent configuration panel Troubleshooting tab.

The syntax for running the dzrefresh utility is:

dzrefresh

Flushing the cache

Execute the dzflush command line utility to flush (clear) the cache. Flushing the cache removes all cache data and reloads it from Active Directory. You should flush the cache only when directed to do so by Centrify Support. Under most circumstances, you should refresh the cache rather than flush the cache.

The syntax for running the dzflush utility is:

dzflush

Dumping the cache

Execute the dzdump command line utility to dump the cache to standard output or to a redirect file that you specify on the command line. You can also use the options shown here to display only specific types of cache data, such as zone hierarchy, role definitions, right definitions, and other data.

You should execute the dzdump utility only when directed to do so by Centrify Support.

The syntax for running the dzdump utility is:

dzdump [/d [directory-path]] [/w=screen-width] [/s] [/n] [/g] [/l] [/a] [/r] [/i] [/t] [/z] [/u] [/h]

If you execute dzdump with no options, all dzagent in-memory cache is dumped.

Setting valid options

You can use the following options with dzdump:

Use this option To do this

/d

Dump cache files from the default location.

/d=directory-path

Dump cache files from the specified location.

/w=screen-width

Use the specified width rather than the default of 80 for word-wrap. Set /w=0 to disable word-wrap.

/s

Display SID mappings.

/n

Display name mappings.

/g

Display assignee mappings.

/l

Display assignments in the joined zone hierarchy.

/a

Display assignments for SIDs.

/r

Display role definitions.

/i

Display right definitions.

/t

Display access token information.

/z

Display zone hierarchy.

/u

Display recent user log-ins.

/h

Display help information.