Using dzinfo
The dzinfo command line program provides detailed information about the effective rights, role definitions, and role assignments for a specified user. The command output includes all of the same information that you can view using the Authorization Center as described in Using the Authorization Center directly on managed computers. However, using dzinfo as a command line utility allows you to view and capture all of the output from the command in a single window, which you can then save as a text file for troubleshooting and analysis or in reports.
The syntax for the dzinfo program is:
dzinfo [/v] [user_name] [/h]
The /v is an optional argument that enables you to view verbose output for the command. The user_name is an optional argument that enables you to view information for the specified user account. However, you must be logged on as a local administrator to specify the user_name argument. If you log on with an account that does not have local administrative privileges you cannot return authorization information for another user account.
If you run the dzinfo command without the user_name argument, the command returns authorization information for the currently logged-on user account.
The command returns detailed information about the rights, roles, and role assignments for the specified user (richl in the AJAX domain) similar to the following:
From the Centrify Access Manager
Effective roles for AJAX\richl:
Domain Admin/portland
Zone: CN=portland,CN=global,CN=Zones,OU=Centrify,DC=ajax,DC=org
Status: Active
Windows Login/global
Zone: CN=global,CN=Zones,OU=Centrify,DC=ajax,DC=org
Status: Active
Effective Login Rights for AJAX\richl:
Console Login: Permitted
Audit Level: Audit if possible
Remote Login: Permitted
Audit Level: Audit if possible
PowerShell Remote Access: Permitted
Audit Level: Audit if possible
Role Assignments for AJAX\richl:
Domain Admin/portland
Status: Active
Account: AJAX\richl
Scope: Zone
Zone: ajax.org/Centrify/Zones/global/portland
Local Role: No
Network Role: Yes
Effective: Immediate
Expires: Never
Windows Login/global
Status: Active
Account: AJAX\Domain Admins
Scope: Zone
Zone: ajax.org/Centrify/Zones/global
Local Role: Yes
Network Role: No
Effective: Immediate
Expires: Never
Role Definitions:
Domain Admin/portland
Status: Active
Description: None
Zone: CN=portland,CN=global,CN=Zones,OU=Centrify,DC=ajax,DC=org
Login Permitted: No
Audit Level: Audit if possible
Rescue Right: No
Require MFA: No
Available Hours: All
Rights:
ADUC/portland
Type: Application
Description: None
Priority: 0
Run As: AJAX\Administrator
Application: mmc.exe
Path: C:\Windows\system64
C:\Windows
C:\Program Files
C:\Program Files (x86)
C:\Windows\SysWOW64
Arguments: "C:\Windows\system64\dsa.msc"
Match Case: No
Require Authentication: No
Application Criteria:
None
Domain Admin Network Access/portland
Type: Network Access
Description: None
Priority: 0
Run As: AJAX\Administrator
Require Authentication: No
Windows Login/global
Status: Active
Description: Predefined system role for general Windows login users.
Zone: CN=global,CN=Zones,OU=Centrify,DC=ajax,DC=org
Login Permitted: Console & Remote & PowerShell Remote
Audit Level: Audit if possible
Rescue Right: No
Available Hours: All
Rights:
None
Computer is joined to zone ajax.org/Centrify/Zones/global/portland
Auditing for AJAX\richl:
Session ID 2:
Desktops:
Default: Not currently auditing.
Auditing is not available on this computer.
Doc Feedback