Restoring the FileVault user list after adflush

In Centrify Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service, if your FileVault 2 user list contains mobile users from another forest with one-way trust (that is, cross-forest mobile users), it is possible that those users will be removed from the FileVault 2 user list after you execute adflush or adflush -f.

After you upgrade to release 2015.1 or later, perform the following steps to ensure that cross-forest mobile users are added to the FileVault 2 user list permanently:

Execute the following command:
```
adflush -f 
```
Executing this command removes the 2015-format, temporary GUID from cross-forest mobile users.
Execute the following command for each cross-forest mobile user that you want to add permanently to the FileVault 2 user list:
```
adquery user -guid cross-forest-mobile-user-name
```
Executing this command assigns a new, permanent GUID to each user that you specify.
Execute the following command for each cross-forest mobile user that you want to add to the FileVault 2 user list:
```
fdesetup add -usertoadd cross-forest-mobile-user-name
```
Executing this command adds the specified user to the FileVault 2 user list.
Execute the following command to verify that the users are added to the FileVault 2 user list:
```
fdesetup list
```