Restoring the FileVault user list after adflush

In Centrify Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service, if your FileVault 2 user list contains mobile users from another forest with one-way trust (that is, cross-forest mobile users), it is possible that those users will be removed from the FileVault 2 user list after you execute adflush or adflush -f.

After you upgrade to release 2015.1 or later, perform the following steps to ensure that cross-forest mobile users are added to the FileVault 2 user list permanently:

  1. Execute the following command:
    adflush -f

    Executing this command removes the temporary 2015-format GUID from cross-forest mobile users.

  2. Execute the following command for each cross-forest mobile user that you want to add permanently to the FileVault 2 user list:

    adquery user -guid cross-forest-mobile-user-name

    Executing this command assigns a new, permanent GUID to each user that you specify.

  3. Execute the following command for each cross-forest mobile user that you want to add to the FileVault 2 user list:

    fdesetup add -usertoadd cross-forest-mobile-user-name

    Executing this command adds the specified user to the FileVault 2 user list.

  4. Execute the following command to verify that the users are added to the FileVault 2 user list:

    fdesetup list
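The four steps above, scripted for several users at once and with step 4 turned into a check that reports anyone still missing. This is an added example, not Centrify's own script; it assumes the commands are run with root privileges on the macOS host, that the user names are passed as arguments, and that fdesetup list prints one "username,UUID" line per enabled user. The sample listing in the comments is constructed.

```shell
#!/bin/sh
# Added example (not from the Centrify documentation): re-add cross-forest
# mobile users to the FileVault 2 list after adflush, then verify the result.
# Assumes root privileges and that adflush, adquery and fdesetup are on PATH
# (they only exist on a macOS host running the Centrify agent).

# Print the expected users that do NOT appear in `fdesetup list` output.
# The listing ("username,UUID" per line) is read from stdin so the check can
# also run against saved or constructed output, e.g.
#   alice,1A2B3C4D-0000-0000-0000-000000000001
fv_missing_users() {
    listing=$(cat)
    for u in "$@"; do
        # Compare the user-name field only, case-insensitively as macOS does.
        if ! printf '%s\n' "$listing" | awk -F, -v want="$u" \
            'tolower($1) == tolower(want) { found = 1 } END { exit !found }'; then
            printf '%s\n' "$u"
        fi
    done
}

# Run the documented procedure for the given cross-forest mobile users.
fv_readd_users() {
    [ "$#" -gt 0 ] || { echo "usage: fv_readd_users user..." >&2; return 2; }
    # Step 1: drop the temporary 2015-format GUIDs from the cache.
    adflush -f || return 1
    for u in "$@"; do
        # Step 2: query the user so a new, permanent GUID is assigned.
        adquery user -guid "$u" >/dev/null || return 1
        # Step 3: add the user; fdesetup prompts interactively for an existing
        # FileVault user's credentials and for the new user's password.
        fdesetup add -usertoadd "$u" || return 1
    done
    # Step 4: verify, and fail loudly if any requested user is absent.
    missing=$(fdesetup list | fv_missing_users "$@")
    if [ -n "$missing" ]; then
        printf 'still missing from the FileVault 2 user list:\n%s\n' "$missing" >&2
        return 1
    fi
}

# Only run the live procedure when user names are given on the command line.
if [ "$#" -gt 0 ]; then
    fv_readd_users "$@"
fi
```

Because fdesetup add prompts for credentials, run the script from an interactive session rather than from a non-interactive job.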