返回
-
标题
Question regarding the BinaryTreeCDSPowershell O365 Accounts -
说明
Questions about the O365 service account type accounts that start with "BinaryTreeCDSPowershell". We have 3 accounts in our tenant that begin with that name.
- How are the accounts are being used?
- How are they are created?
- Are they created with a password? If so how long is the password?
- If those accounts have MFA on them will they still work?
-
解决办法
What are these accounts being used for?A: They are used for remote PowerShell into O365, creation of objects.How are they created?A:After a few minutes of the environment getting connected the accounts are createdAre they created with a password? If so how long is the password?A: The password is random and the length of the password is 14 characters and consists of upper/lower/numbers/symbols.If those accounts have MFA on them will they still work?A: Multi-factor Authentication (MFA) will cause issues, the accounts to fail to logon.Additional Information
Directory Sync utilizes the delegated permission to access the source/target tenant, hence the product will utilize these PowerShell Service account to read/create objects.
The permissions needed are Teams Administrator, Exchange Administrator and User Administrator roles. We need these roles to read, create and modify Users, Groups and Teams objects and also their mail attributes.
These service accounts are created automatically using the OAuth token granted by their Admin during project creation or when they configure the environments in Directory Sync.