Using dzinfo

The dzinfo command line program provides detailed information about the effective rights, role definitions, and role assignments for a specified user. The command output includes all of the same information that you can view using the Authorization Center as described in Using the Authorization Center directly on managed computers. However, using dzinfo as a command line utility allows you to view and capture all of the output from the command in a single window, which you can then save as a text file for troubleshooting and analysis or in reports.

The syntax for the dzinfo program is:

dzinfo [/v] [user_name] [/h]

The /v is an optional argument that enables you to view verbose output for the command. The user_name is an optional argument that enables you to view information for the specified user account. However, you must be logged on as a local administrator to specify the user_name argument. If you log on with an account that does not have local administrative privileges you cannot return authorization information for another user account.

If you run the dzinfo command without the user_name argument, the command returns authorization information for the currently logged-on user account.

The command returns detailed information about the rights, roles, and role assignments for the specified user (richl in the AJAX domain) similar to the following:

From the Centrify Access Manager

Effective roles for AJAX\richl:

   Domain Admin/portland

      Zone:    CN=portland,CN=global,CN=Zones,OU=Centrify,DC=ajax,DC=org

      Status:  Active

   Windows Login/global

      Zone:    CN=global,CN=Zones,OU=Centrify,DC=ajax,DC=org

      Status:  Active

Effective Login Rights for AJAX\richl:

   Console Login: Permitted

      Audit Level: Audit if possible

   Remote Login: Permitted

      Audit Level: Audit if possible

   PowerShell Remote Access: Permitted 

      Audit Level: Audit if possible
                                      

Role Assignments for AJAX\richl:

   Domain Admin/portland

      Status:        Active

      Account:       AJAX\richl

      Scope:         Zone

      Zone:          ajax.org/Centrify/Zones/global/portland

      Local Role:    No

      Network Role:  Yes

      Effective:     Immediate

      Expires:       Never

   Windows Login/global

      Status:        Active

      Account:       AJAX\Domain Admins

      Scope:         Zone

      Zone:          ajax.org/Centrify/Zones/global

      Local Role:    Yes

      Network Role:  No

      Effective:     Immediate

      Expires:       Never

Role Definitions:

   Domain Admin/portland

      Status:          Active

      Description:     None

      Zone:            CN=portland,CN=global,CN=Zones,OU=Centrify,DC=ajax,DC=org

      Login Permitted: No

      Audit Level:     Audit if possible

      Rescue Right:    No

					Require MFA:    No

      Available Hours: All

      Rights:

         ADUC/portland

            Type:                   Application

            Description:            None

            Priority:               0

            Run As:                 AJAX\Administrator

            Application:            mmc.exe

            Path:                   C:\Windows\system64

                                    C:\Windows

                                    C:\Program Files

                                    C:\Program Files (x86)

                                    C:\Windows\SysWOW64

            Arguments:              "C:\Windows\system64\dsa.msc"

            Match Case:             No

            Require Authentication: No

            Application Criteria:

               None

         Domain Admin Network Access/portland

            Type:                   Network Access

            Description:            None

            Priority:               0

            Run As:                 AJAX\Administrator

            Require Authentication: No

   Windows Login/global

      Status:          Active

      Description:     Predefined system role for general Windows login users.

      Zone:            CN=global,CN=Zones,OU=Centrify,DC=ajax,DC=org

      Login Permitted: Console & Remote & PowerShell Remote

      Audit Level:     Audit if possible

      Rescue Right:    No

      Available Hours: All

      Rights:

         None

Computer is joined to zone ajax.org/Centrify/Zones/global/portland

Auditing for AJAX\richl:

   Session ID 2:

      Desktops:

         Default: Not currently auditing.

Auditing is not available on this computer.