Using dzdiag
The dzdiag
command line program provides detailed diagnostic information for the local computer. The command output includes all of the same information that you can view by clicking Diagnostics on the Troubleshooting tab as described in Running diagnostics and viewing logs for the agent.
The syntax for the dzdiag
command is:
dzdiag [/h] [/o]
The /h is an optional argument that displays the command help.
The /o is an optional argument that allows you to output just the offline MFA provisioning information. You can use this option to see if a user has configured an offline MFA profile or not and details about their offline MFA configuration.
You must be logged on as a local administrator to run the dzdiag
command.
The command returns detailed information about desktop sessions similar to the following:
Product: Centrify Infrastructure Services version-number ( build-number) Computer: CENTRIFY01 Joined Domain: acme.local Zone: acme.local/Program Data/Centrify/Zones/global Auditing: Available Agent State: Connected Time: 2018-10-04 17:41:41.491 -07:00 Session information: Session 3 SAM Name: CENTRIFY01\Administrator Logon Type: Console Always Audit: Yes Desktops: Default GUID: 3e2c9799-b398-459f-a7a2-ed3a5359af3f DZ Logon Id: (0x0) Local Role: Self Network Roles: Self Audit Status: Currrently Auditing UAC Restrictions: No Network Drives: No Logon information: Logon ID (0x5bd925) Logon GUID: 50972030-e9ed-45dc-b7b7-ecf588ef152d Base Logon ID: (0x1aff6e) Base SAM Name: ACME\admin ElevatedAccount: (ElevatedSelfAccount, AdditionalGroups=(count=1, items=(S-1-5-32-544))) Local Role: Windows Login/CN=global,CN=Zones,CN=Centrify,CN=Program Data,DC=acme,DC=local Network Roles: None Should Audit: Yes Logon ID (0x5c2fe6) Logon GUID: 053ef6cd-10cc-4383-b614-437c1a2067e3 Base Logon ID: (0x1aff6e) Base SAM Name: ACME\admin ElevatedAccount: (ElevatedSelfAccount, AdditionalGroups=(count=1, items=(S-1-5-32-544))) Local Role: Windows Login/CN=global,CN=Zones,CN=Centrify,CN=Program Data,DC=acme,DC=local Network Roles: None Should Audit: Yes Logon ID (0x5deca8) Logon GUID: ce0da851-90f5-4cb6-a71b-25e2b116be75 Base Logon ID: (0x1aff6e) Base SAM Name: ACME\admin ElevatedAccount: (ElevatedServiceAccount, ServiceAccount=S-1-5-21-1132289714-2257106472-2904894658-500) Local Role: Windows Login/CN=global,CN=Zones,CN=Centrify,CN=Program Data,DC=acme,DC=local Network Roles: None Should Audit: Yes Logon ID (0x613c40) Logon GUID: 8ca4e342-4f4a-4e85-8e05-4d1332272c31 Base Logon ID: (0x1aff6e) Base SAM Name: ACME\admin ElevatedAccount: (ElevatedServiceAccount, ServiceAccount=S-1-5-21-1132289714-2257106472-2904894658-1108) Local Role: Windows Login/CN=global,CN=Zones,CN=Centrify,CN=Program Data,DC=acme,DC=local Network Roles: None Should Audit: Yes Domain last access information: Forest acme.local: Connected and Agent can authenticate Domains: acme.local (ACME): Connected The offline MFA provisioning information: None Multi-factor Authentication information: Platform Instance: https://tenant.my.centrify.net/ Last Used Platform Instance: <none> Platform Certificate Exists: No Disable Web Proxy: No AD Site: Default-First-Site-Name Platform Instance Override: <none> Centrify Connector Override: <none> MFA Enabled (NotJoined): No Platform Instance (NotJoined): <none> Web Proxy: <none> Centrify Connectors: Connector: centrify01.acme.local FQDN: centrify01.acme.local Tenant: https://tenant.my.centrify.net/ Last Known Availability: Yes Last Access Time: - IWA Enabled: Yes IWA HTTPS Port: 8443 Proxy Enabled: Yes Proxy Server: centrify01.acme.local:8080 AD Site: Default-First-Site-Name