Set agent parameters

Exclusions of Domains:

Centrify provides robust support for complex active directory environments with varying trust relationships. Many agent parameters can be configured through Group Policy. We often see customers don’t cleanup decommissioned domains or have domains in the environment not in scope for Centrify.  We recommend blacklisting the domains that are not in scope or whitelisting only the domains in scope for Centrify.

An example of excluding, black listing, a domain in /etc/centrifydc/centrifydc.conf is:

    adclient.excluded.domains: anvil.acme.com

An example of including, white listing, a domain in /etc/centrifydc.conf is:

    adclient.included.domains: anvil.acme.com

Paged Control:

To operate the best with the Microsoft Active Directory search optimizer, Centrify has provides a parameter called “adclient.schema.extensions.search.add.paged.control”. Centrify recommends setting this parameter to true to optimize AD lookups.

Suite 2016.1:

If the version of the Centrify agent running is version 5.3.1, part Suite 2016.1, Centrify highly recommends configuring the parameter “adclient.altupn.update.interval: 90000000” in /etc/centrifydc/centrifydc.conf. 

These parameters can be deployed via the GPO“Add centrifydc.conf properties” under Computer Configuration > Centrify Settings > DirectControl Settings.  See page 30 of the Group Policy Guide for additional information.