Other administrative options

ADEdit is intended to be the primary tool for administrators who want to perform administrative tasks directly from a command line or in scripts on Linux, UNIX, and Mac OS X computers. However, there are two other administrative options for performing the same tasks outside of ADEdit:

  • The Access Manager console runs on a Windows computer and provides a graphical user interface that you can use for complete control of Centrify‑related information and some Active Directory features.
  • The Centrify Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service SDK for Windows provides application programming interfaces (APIs) that you can use to control all of the same features provided by the Access Manager console.

When using any of these tools, it’s important to realize that each tool instance has no knowledge of other tool instances and acts as if it’s the only administrative tool at work. For example, if one administrator uses the Access Manager console to modify a zone object at the same time as another administrator uses ADEdit to modify the same zone object, their changes might clash: if the changes are first saved by the administrator using Access Manager, those changes might be overridden by changes saved by ADEdit. The last tool to save object data has the final say.

This is true as well for different instances of ADEdit. If two administrators both use different ADEdit instances simultaneously to work on the same object, the administrator who last saves the object is the only one whose work will have an effect on the object.

When using ADEdit in an environment with multiple administrators, it’s important to retrieve an object, make changes, and check it back in efficiently to avoid conflicts. ADEdit object changes are not atomic.

It helps to bind all administration tools to the same domain controller within a domain to further minimize conflicts. If tools work on different domain controllers, one tool’s changes may take time to replicate to the other domain controllers, so other tools connected to other domain controllers won’t be able to see those changes immediately.
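
The last-save-wins behavior and the replication delay described above can be reproduced with a small model. This is an added example, not Centrify code: the ToolSession class, the object name, the field names, and the re-read check before saving are all constructed assumptions, and the model does not call ADEdit.

```python
import copy

ZONE = "CN=example-zone"  # constructed object name, not from the page

def new_dc():
    """One domain controller's replica: object name -> field dict (constructed)."""
    return {ZONE: {"description": "old", "shell": "/bin/sh"}}

class ToolSession:
    """One tool instance working on a private in-memory copy (hypothetical model)."""
    def __init__(self, dc):
        self.dc = dc

    def select(self, name):
        self.name = name
        self.loaded = copy.deepcopy(self.dc[name])   # state at retrieval time
        self.working = copy.deepcopy(self.loaded)    # copy the admin edits

    def save(self):
        # Writes the whole object back with no check for other writers.
        self.dc[self.name] = copy.deepcopy(self.working)

    def changed_since_select(self):
        # Script-side check (assumption, not a tool feature): re-read and compare.
        return self.dc[self.name] != self.loaded

def lost_update(guard):
    """Two admins on one DC edit different fields of the same object."""
    dc = new_dc()
    alice, bob = ToolSession(dc), ToolSession(dc)
    alice.select(ZONE)
    bob.select(ZONE)
    alice.working["description"] = "new"
    bob.working["shell"] = "/bin/bash"
    alice.save()
    if guard and bob.changed_since_select():
        bob.select(ZONE)                      # retrieve again, then reapply
        bob.working["shell"] = "/bin/bash"
    bob.save()
    return dc[ZONE]

def stale_read():
    """Admins bound to different DCs: a change is invisible until replication."""
    dc1, dc2 = new_dc(), new_dc()
    alice, bob = ToolSession(dc1), ToolSession(dc2)
    alice.select(ZONE)
    alice.working["description"] = "new"
    alice.save()
    bob.select(ZONE)
    before = bob.working["description"]
    dc2.update(copy.deepcopy(dc1))            # stands in for replication
    bob.select(ZONE)
    return before, bob.working["description"]
```

Without the check, the first administrator's description change disappears even though the second administrator never touched that field. The check only narrows the window between re-reading and saving; it does not make the save atomic.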