Computers must be in a zone for roles to be available

The administrator can define different rights and different roles for every zone. Your computer must be joined to a zone for those rights and roles to be available. In addition, a computer can be joined to only one zone at a time. The rights you have in any zone are based on the roles assigned to you in that zone and its parent zone. If the administrator has not added your computer to a zone, no local or network roles will be available for you to use.

After a computer is added to a zone, it is possible that your role assignments might enable you to access remote computers in zones other than the local computer’s zone. Roles that enable access to remote computers do not require you to have any local roles available in your local computer’s zone.

In most cases, the administrator should add your computer to the appropriate zone. Changing the zone assignment requires local administrative privileges. If you have administrative privileges on your local computer, you can use the Centrify Privilege Elevation Service Settings to view information about your current configuration and perform administrative tasks, if required. For example, if the administrator notifies you that you should join a zone they have prepared, you can use the Centrify Privilege Elevation Service Settings to complete the operation for your local computer.

Using the dzjoin command

The dzjoin command line program enables you to automatically join users to the zone in which their roles and rights are assigned, or to join them to a specific zone by zone name, when they log on to their computer. The dzjoin command line program is particularly useful for organizations that use non-persistent virtual desktop infrastructures.

The syntax for the dzjoin command is:

dzjoin [/c <domain controller>] [/d] [/u <username>] [/f] [/h] [/r [y|n|yes|no]] {/z <zonename> | /s | /v}

Note:   If the /u option is specified but no password is found in the redirected input, you will be prompted for a password.

Use this option    To do this

/c                 Specify a domain controller to connect to.
/d                 Retrieve zone data before restarting.
/u                 Specify the user name to use when joining the zone with custom credentials. The user name must be in the format USER@DOMAIN or DOMAIN\USER. The credentials are for remote access only. You can supply the password through redirected input; otherwise, the tool prompts for it.
/f                 Suppress any warnings or questions.
/h                 Display the command help.
/r                 Suppress the restart warning and specify whether to restart the computer, if required, after joining the zone. If no restart is required, this option is ignored. If no argument is provided (for example, '/r'), the default is to restart ('/r yes').
/z                 Join a zone using the zone name. If the zone name is not unique, use the canonical name instead.
/s                 Join the zone in which this computer is already pre-created or to which it had previously been joined (but was remotely left in a disconnected situation).
/v                 Display the agent version.

Note:   You can also use the PowerShell command Join-CdmZone to join a zone.
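
As an added example (not from the Centrify documentation), the following PowerShell script runs dzjoin with custom credentials and supplies the password through redirected input instead of on the command line. The zone name and domain controller are hypothetical, dzjoin is assumed to be on the PATH, and treating a nonzero exit code as failure is an assumption the page does not confirm.

```powershell
# Added example, not vendor code. ExampleZone and dc01.example.test are hypothetical
# values; dzjoin is assumed to be on the PATH.
[CmdletBinding()]
param(
    [Parameter(Mandatory)]
    [pscredential]$Credential,                        # account allowed to join the zone
    [string]$ZoneName         = 'ExampleZone',        # hypothetical zone name
    [string]$DomainController = 'dc01.example.test'   # hypothetical domain controller
)

# /u accepts only USER@DOMAIN or DOMAIN\USER, so reject anything else before calling dzjoin.
$upn     = '^[^@\\\s]+@[^@\\\s]+$'
$downLvl = '^[^@\\\s]+\\[^@\\\s]+$'
if ($Credential.UserName -notmatch $upn -and $Credential.UserName -notmatch $downLvl) {
    throw "User name must be USER@DOMAIN or DOMAIN\USER: '$($Credential.UserName)'"
}

# Only options listed in the syntax above. '/r no' suppresses the restart warning
# without restarting, so the caller decides when the computer reboots.
$dzArgs = @('/c', $DomainController, '/u', $Credential.UserName, '/f', '/r', 'no', '/z', $ZoneName)

$password = $Credential.GetNetworkCredential().Password
try {
    # The password travels on standard input (the "redirected input" described for /u),
    # so it is not part of the command line captured by process-creation auditing.
    $password | & dzjoin @dzArgs
    $exitCode = $LASTEXITCODE
}
finally {
    Remove-Variable -Name password -ErrorAction SilentlyContinue
}

# Assumption: a nonzero exit code means the join failed; the page does not list exit codes.
if ($exitCode -ne 0) {
    throw "dzjoin exited with code $exitCode"
}
Write-Output "Joined zone '$ZoneName'. A restart may still be required."
```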

Using the dzleave command

To leave a zone, use the dzleave command. The syntax for the dzleave command is:

dzleave [/c <domain controller>] [/u <username>] [/a|/f] [/r [y|n|yes|no]] [/v] [/h]

Use this option    To do this

/a                 Remove the role assignment from the computer zone.
/c                 Specify a domain controller to connect to.
/u                 Specify the user name to use when leaving the zone with custom credentials. The user name must be in the format USER@DOMAIN or DOMAIN\USER. The credentials are for remote access only. You can supply the password through redirected input; otherwise, the tool prompts for it.
/f                 Suppress any warnings or questions. If the domain cannot be contacted, the tool automatically performs a local zone leave.
/h                 Display the command help.
/r                 Specify whether to restart the computer, if required, after leaving the zone, without prompting. If no restart is needed, this option is ignored. If no argument is provided (for example, '/r'), the default is to restart ('/r yes').
/v                 Show the agent version.

Note:   You can also use the PowerShell command Exit-CdmZone to leave a zone.