Using dzdiag

The dzdiag command line program provides detailed diagnostic information for the local computer. The command output includes all of the same information that you can view by clicking Diagnostics on the Troubleshooting tab as described in Running diagnostics and viewing logs for the agent.

The syntax for the dzdiag command is:

dzdiag [/h] [/o]

The /h is an optional argument that displays the command help.

The /o is an optional argument that allows you to output just the offline MFA provisioning information. You can use this option to see if a user has configured an offline MFA profile or not and details about their offline MFA configuration.

You must be logged on as a local administrator to run the dzdiag command.

The command returns detailed information about desktop sessions similar to the following:


Product:           Centrify Infrastructure Services version-number ( build-number)
Computer:          CENTRIFY01
Joined Domain:     acme.local
Zone:              acme.local/Program Data/Centrify/Zones/global
Auditing:          Available
Agent State:       Connected
Time:              2018-10-04 17:41:41.491 -07:00
Session information:
   Session 3
      SAM Name:     CENTRIFY01\Administrator
      Logon Type:   Console
      Always Audit: Yes
      Desktops:
         Default
            GUID:             3e2c9799-b398-459f-a7a2-ed3a5359af3f
            DZ Logon Id:      (0x0)
            Local Role:       Self
            Network Roles:    Self
            Audit Status:     Currrently Auditing
            UAC Restrictions: No
            Network Drives:   No

Logon information:
    Logon ID (0x5bd925)
      Logon GUID:      50972030-e9ed-45dc-b7b7-ecf588ef152d
      Base Logon ID:   (0x1aff6e)
      Base SAM Name:   ACME\admin
      ElevatedAccount: (ElevatedSelfAccount, AdditionalGroups=(count=1, items=(S-1-5-32-544)))
      Local Role:      Windows Login/CN=global,CN=Zones,CN=Centrify,CN=Program Data,DC=acme,DC=local
      Network Roles:   None
      Should Audit:    Yes
   Logon ID (0x5c2fe6)
      Logon GUID:      053ef6cd-10cc-4383-b614-437c1a2067e3
      Base Logon ID:   (0x1aff6e)
      Base SAM Name:   ACME\admin
      ElevatedAccount: (ElevatedSelfAccount, AdditionalGroups=(count=1, items=(S-1-5-32-544)))
      Local Role:      Windows Login/CN=global,CN=Zones,CN=Centrify,CN=Program Data,DC=acme,DC=local
      Network Roles:   None
      Should Audit:    Yes
    Logon ID (0x5deca8)
      Logon GUID:      ce0da851-90f5-4cb6-a71b-25e2b116be75
      Base Logon ID:   (0x1aff6e)
      Base SAM Name:   ACME\admin
      ElevatedAccount: (ElevatedServiceAccount, ServiceAccount=S-1-5-21-1132289714-2257106472-2904894658-500)
      Local Role:      Windows Login/CN=global,CN=Zones,CN=Centrify,CN=Program Data,DC=acme,DC=local
      Network Roles:   None
      Should Audit:    Yes
   Logon ID (0x613c40)
      Logon GUID:      8ca4e342-4f4a-4e85-8e05-4d1332272c31
      Base Logon ID:   (0x1aff6e)
      Base SAM Name:   ACME\admin
      ElevatedAccount: (ElevatedServiceAccount, ServiceAccount=S-1-5-21-1132289714-2257106472-2904894658-1108)
      Local Role:      Windows Login/CN=global,CN=Zones,CN=Centrify,CN=Program Data,DC=acme,DC=local
      Network Roles:   None
      Should Audit:    Yes

Domain last access information:
   Forest acme.local:       Connected and Agent can authenticate
      Domains:
         acme.local (ACME): Connected

The offline MFA provisioning information:
   None

Multi-factor Authentication information:
   Platform Instance:             https://tenant.my.centrify.net/
   Last Used Platform Instance:   <none>
   Platform Certificate Exists:   No
   Disable Web Proxy:             No
   AD Site:                       Default-First-Site-Name
   Platform Instance Override:    <none>
   Centrify Connector Override:   <none>
   MFA Enabled (NotJoined):       No
   Platform Instance (NotJoined): <none>
   Web Proxy:                     <none>

      Centrify Connectors:
         Connector: centrify01.acme.local
            FQDN:                    centrify01.acme.local
            Tenant:                  https://tenant.my.centrify.net/
            Last Known Availability: Yes
            Last Access Time:        -
            IWA Enabled:             Yes
            IWA HTTPS Port:          8443
            Proxy Enabled:           Yes
            Proxy Server:            centrify01.acme.local:8080
            AD Site:                 Default-First-Site-Name