adclient.local.group.merge

This configuration parameter determines whether to merge local group membership from the /etc/group file into the zone group membership for groups that have the same name and GID. For example, if the Centrify agent retrieves the membership list of kwan, emily, and sam for the group profile with the group name performx1 and GID 92531 from Active Directory and there is also a local group named performx1 with the GID 92531 with users wilson and jae, the merged group would include all five members (kwan,emily,sam,wilson,jae).

By default, this parameter value is set to false to prevent unexpected results. For example:

adclient.local.group.merge: false

Setting this parameter to true violates normal NSS behavior and, therefore, may have unexpected side effects. You should analyze your environment carefully before changing this parameter to true. If you determine you can safely merge local and Active Directory group profiles, you can uncomment this parameter and change its value.

Note:   If you set this parameter to true, you must run adreload to detect changes in the local group file.