Introducing the New Mac Diagnostic Tool

The old Centrify widget and Diagnostic Tool were handy ways to bring up information about Centrify configuration and users on a machine without having to bring up the Terminal each time. However as time went on, the widget became depreciated and the old Diag Tool was beginning to show its age; a change was needed.

Recognising that many Mac users have a great love for their big and beautiful GUIs, we redesigned the new Diagnostic Tool with simplicity and clarity (and hopefully intuitiveness!) in mind.

Here are the list of features for the new Diagnostic Tool for Mac:

On first opening the app, you are immediately greeted with the Centrify configuration and status on the Mac. (Eagle-eyed readers will note that this information can also be seen in the new 5.1.0 System Preferences > Centrify panel as well).

The command-line equivalents for the information from the two buttons on this screen are:

AD Info: adinfo

Network Info: ifconfig

The next screen is useful for those who wish to check that Group Policies have been successfully downloaded to the Mac.

(Note: Group policies are only available to Licensed versions of Centrify)

The “GP Update” button (adgpupdate) does a force-refresh of the group policies from Active Directory and the refresh results are shown in the window below.

Pressing either the “User Policy” or “Machine Policy” buttons will show the policies that have been pushed out to the current User or Computer GP Configurations respectively.

The output has also been colour-coded for clarity – in the main sections, the blue text at the beginning is the name of the GPO that the policy is coming from, the orange text shows the policy name itself while the numbers at the end are an indication of what settings have been applied to that policy.

Note that this output shows the raw GP file as the group policy processor would read it – while it is not the most user-friendly of texts to immediately decypher, it is a very useful method of verifying that certain group policies are reaching the user or computer correctly.

The “User” screen has options for querying information about AD users or groups as seen from the Mac itself (adquery). Just enter the username or group name, hit “Query” and the output is sent to the window below. There is also the option to save the resultant output to the Desktop.

The window on the right is simply a list of the folders that are present in the /Users/ directory (i.e. Where all the local home folders on a Mac resides). Many login issues can be quickly determined by a quick check to see if the UID of the user’s local home folder matches the UID that the user actually logs into the Mac with.

Hopefully, most of you will never need to use the “Debug / Logs” screen, but in the event that troubleshooting is needed and events need to be recorded and collected – this screen provides that functionality without the end-user needing to enter a single Terminal command at all.

Most of the functions here are only needed when requested to by Centrify Support, however the first button: “Save Basic System & Centrify Info to Desktop” can be a great timesaver if submitted at the same time as filing a new ticket. It performs the same function as: sudo adinfo -t

With this screen, instead of needing to enter a series of Terminal commands while switching between accounts, recording debug logs has been greatly simplified and reduces confusion when trying to capture the issue at hand.

In most cases, the reproduction steps would be as follows:

  1. Clear the debug logs
  2. Enable the debugger
  3. Reproduce the issue
  4. Disable the debugger
  5. Enter the username on the left and pack up the logs.


The last panel is a handy reference providing direct links for further assistance for both Licensed and Express customers.