Using dzinfo
The dzinfo
command line program provides detailed information about the effective rights, role definitions, and role assignments for a specified user. The command output includes all of the same information that you can view using the Authorization Center as described in Using the Authorization Center directly on managed computers. However, using dzinfo
as a command line utility allows you to view and capture all of the output from the command in a single window, which you can then save as a text file for troubleshooting and analysis or in reports.
The syntax for the dzinfo
program is:
dzinfo [/v] [user_name] [/h]
The /v
is an optional argument that enables you to view verbose output for the command. The user_name
is an optional argument that enables you to view information for the specified user account. However, you must be logged on as a local administrator to specify the user_name
argument. If you log on with an account that does not have local administrative privileges you cannot return authorization information for another user account.
If you run the dzinfo
command without the user_name
argument, the command returns authorization information for the currently logged-on user account.
The command returns detailed information about the rights, roles, and role assignments for the specified user (richl
in the AJAX
domain) similar to the following:
From the Centrify Access Manager Effective roles for AJAX\richl: Domain Admin/portland Zone: CN=portland,CN=global,CN=Zones,OU=Centrify,DC=ajax,DC=org Status: Active Windows Login/global Zone: CN=global,CN=Zones,OU=Centrify,DC=ajax,DC=org Status: Active Effective Login Rights for AJAX\richl: Console Login: Permitted Audit Level: Audit if possible Remote Login: Permitted Audit Level: Audit if possible PowerShell Remote Access: Permitted Audit Level: Audit if possible
Role Assignments for AJAX\richl: Domain Admin/portland Status: Active Account: AJAX\richl Scope: Zone Zone: ajax.org/Centrify/Zones/global/portland Local Role: No Network Role: Yes Effective: Immediate Expires: Never Windows Login/global Status: Active Account: AJAX\Domain Admins Scope: Zone Zone: ajax.org/Centrify/Zones/global Local Role: Yes Network Role: No Effective: Immediate Expires: Never Role Definitions: Domain Admin/portland Status: Active Description: None Zone: CN=portland,CN=global,CN=Zones,OU=Centrify,DC=ajax,DC=org Login Permitted: No Audit Level: Audit if possible Rescue Right: No Require MFA: No Available Hours: All Rights: ADUC/portland Type: Application Description: None Priority: 0 Run As: AJAX\Administrator Application: mmc.exe Path: C:\Windows\system64 C:\Windows C:\Program Files C:\Program Files (x86) C:\Windows\SysWOW64 Arguments: "C:\Windows\system64\dsa.msc" Match Case: No Require Authentication: No Application Criteria: None Domain Admin Network Access/portland Type: Network Access Description: None Priority: 0 Run As: AJAX\Administrator Require Authentication: No Windows Login/global Status: Active Description: Predefined system role for general Windows login users. Zone: CN=global,CN=Zones,OU=Centrify,DC=ajax,DC=org Login Permitted: Console & Remote & PowerShell Remote Audit Level: Audit if possible Rescue Right: No Available Hours: All Rights: None Computer is joined to zone ajax.org/Centrify/Zones/global/portland Auditing for AJAX\richl: Session ID 2: Desktops: Default: Not currently auditing. Auditing is not available on this computer.