Return
-
Title
Active Directory Cartridge Permissions Question -
Description
AD Cartrdige up to 5.5.6.4 requires Windows Domain Admin account. The Domain Admin account cannot be used to run the AD Agent.
Can specific Group Policy permissions be granted in order to run the Active Directory agent without Domain Admin membership?
Could the Exchange Account and the Domain user account be the same?
-
Resolution
Since cartridge version 5.6.9 the required permissions has been reduced and is listed in the documentation.
For AD cartridge version below 5.6.9. the account must be a Windows Domain Admin account.
And yes, it can be the same account as long as it has all the required privileges. The point is the account needs to have two different sets of account privileges but not necessarily two different user accounts.
-
Defect ID
AD-58