Set sync mapped users

Synchronize the Active Directory password for local mapped users. When you enable this policy for a mapped user, if the user changes their Linux, UNIX, or Mac OS X password with the passwd command, or with a similar command, PAM changes the password to match in the local Linux, UNIX, or Mac OS X account. In this way, if there are problems with the network, Active Directory, or adclient, local users can still log into the machine.

Note:   This policy has no effect on Mac OS X computers.

To log in as a local user, append @localhost to the username. For example, log on as:


After enabling this policy, click Browse to search for users to add.

For this policy to work:

  • The specified user must be a mapped user configured in centrifydc.conf with the pam.mapuser parameter.
  • Either the Centrify or Microsoft password synchronization service must be installed on all domain controllers.
  • The zone to which the machine belongs must be configured to support agentless clients.
  • The Active Directory user to whom the local user is mapped must have a profile in the zone configured for agentless authentication.

This group policy modifies the pam.sync.mapuser setting in the agent configuration file.