Analyzing zones for potential issues

One way to avoid problems with agentless authentication or incomplete information is to periodically analyze the zone in the Active Directory forest using the Analyze wizard.

Note:   When you run the Analyze wizard, it checks only open zones in the Active Directory forest. Make sure the zone you are using as a NIS domain is open before analyzing the forest.

To check for potential problems in the Active Directory forest:

  1. Open Access Manager.
  2. If prompted, specify the forest domain or domain controller to connect to.
  3. In the console tree, select the Access Manager root node, right-click, and click Analyze.
  4. At the Welcome page, click Next.
  5. Select the checks to perform (at least the two in the table below) and click Next.

    Select at least the following checks.

    | Select this option | To do this |
    |---|---|
    | Inconsistency in granting NIS server permissions | Check that a zone_nis_servers group exists in each zone that supports agentless authentication, and that the group contains all NIS servers defined for the zone (to ensure data integrity). This group is required for assigning permissions to Centrify-managed computers that act as NIS servers. Do not delete or modify it manually. |
    | Orphan UNIX data objects | Check for profile objects whose parent objects have been deleted, for example, manually deleted zone objects whose user, group or computer UNIX profile data may be left in Active Directory. This option removes UNIX-specific data from Active Directory. |

  6. Review the summary report and click Finish.
  7. If the summary report indicates any issues, select Analysis Results in the console tree and view the details listed in the right pane.

    To drill down further, or to resolve the issue, select the warning or error, right-click, and select Properties.