auto.schema.apple_scheme

This configuration parameter specifies that you want to use the Apple algorithm to automatically generate user and group identifiers. The Apple algorithm for generating identifiers is based on the objectGuid attribute for the user or group object. The Centrify mechanism for automatically generating UIDs and GIDs is based on the security identifier for the user or group objects. Both methods ensure a globally unique and consistent identifier for the user or group.

By default, this parameter value is set to false. If you want to use the Apple algorithm, set the parameter value to true. For example:

auto.schema.apple_scheme: true

If you set this parameter to use the Apple algorithm, you must use adflush to clear the cache, then restart the adclient process to update UIDs, GIDs, and user primary GIDs. Note that the user’s primary group must be available in Auto Zone. If a user’s primary group is not in the zone, the user will have an incomplete profile and unable to log on. If a user is provisioned with an incomplete profile, an error is recorded in the Window Event log.

After clearing the cache and restarting the agent, run the fixhome.pl script to correct conflicts between the new user UID and the home directory ownership.

In most cases, you set this configuration parameter using group policy. You can, however, set it manually in the configuration file if you are not using group policy or want to temporarily override group policy.