Enable LDAP cross-forest search

Specify whether to allow Centrify DirectControl Agent to query trusted domains and forests for transitive trust information.

If you enable this policy by selecting the LDAP Cross-Forest Search box, Centrify DirectControl Agent generates a krb5.conf that includes information from all trusted forests and can be used to authenticate cross-forest users to Kerberos applications. If you disable this policy, Centrify DirectControl Agent does not query external trusted domains or forests for information.

By default, the configuration parameter set by this policy is enabled.

Querying external trusted forests can take a significant amount of time if the other forests are blocked by firewalls. You may want to set this parameter to false if your trust relationships, network topology, or firewalls are not configured properly for access.

This group policy modifies the adclient.ldap.trust.enabled setting in the Centrify DirectControl configuration file.
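
To confirm on an agent host that the policy took effect, the check below reports the effective adclient.ldap.trust.enabled value. It is an added example, not Centrify's own tooling; the function name, the "name: value" line syntax, the "#" comment handling, and the last-assignment-wins rule are assumptions, and the sample file is constructed.

```shell
# Report the effective adclient.ldap.trust.enabled value from a configuration file.
# Assumed syntax: "name: value" per line, "#" starts a comment line,
# and the last uncommented assignment wins.
ldap_trust_effective() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "unreadable"
        return 2
    fi
    val=$(awk '
        /^[ \t]*#/ { next }                      # skip commented-out settings
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            key = "adclient.ldap.trust.enabled"
            if (index(line, key) != 1) next      # line must start with the key
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*:/) next         # rejects longer names sharing the prefix
            sub(/^[ \t]*:[ \t]*/, "", rest)
            sub(/[ \t\r]+$/, "", rest)
            v = tolower(rest)                    # keep the last assignment seen
        }
        END { print v }
    ' "$conf")
    case "$val" in
        "")    echo "true (default)" ;;          # the page states the default is enabled
        true)  echo "true" ;;
        false) echo "false" ;;
        *)     echo "invalid: $val"; return 1 ;;
    esac
}

# Constructed sample: one commented line, then the setting enabled and later disabled.
sample=$(mktemp)
printf '%s\n' \
    '# adclient.ldap.trust.enabled: true' \
    'adclient.ldap.trust.enabled: true' \
    'adclient.ldap.trust.enabled: false' > "$sample"
ldap_trust_effective "$sample"
rm -f "$sample"
```

Pass the path of the DirectControl configuration file on the host being checked; a result of "true (default)" means the file carries no explicit setting.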


Supported on:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Centrify\CentrifyDC\Settings\Timeouts
Value Name: adclient.ldap.trust.enabled
Value Type: REG_SZ
Enabled Value: true
Disabled Value: false

centrifydc_settings.admx
