Set user mapping

Map local UNIX user accounts to an Active Directory accounts.

This policy allows you to set password policies in Active Directory even when a local UNIX account is used to log in. This group policy is most commonly used to map local system or application user accounts on a computer to a different Active Directory account and password, so that you can enforce password complexity rules for the account, but it can be used for any local user account.

NOTE: This group policy does not work for Mac OS X system.

When you select Enabled for the Set user mapping group policy, you can then click Show to add or remove user accounts.

To add mapped user accounts to the policy, click Add. You can then type the UNIX user account name in the first field and the Active Directory account name to which you want to map the local account in the second field, then click OK.

Once this policy is applied, users or services attempting to log in with the local mapped account must provide the Active Directory password for the account.

This group policy modifies the pam.mapuser.username setting in the Centrify DirectControl configuration file.

Supported on:
Set the Platform instance URL: (https://:/)

Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\UserMap
Value Name
Default Value


Administrative Templates (Computers)

Administrative Templates (Users)