Password Manager 5.14.0 - Administration Guide (AD LDS Edition)

When you add a domain connection, you can create a new one or use existing connections, if any. When creating the domain connection, you must specify a domain management account - an account under which Password Manager will access the domain.

For the domain connection that you want to use in the user and helpdesk scopes, make sure the domain management account has the following minimum set of permissions:

Membership in the Domain Users group
The Read permission for all attributes of user objects
The Write permission for the following attributes of user objects: pwdLastSet, comment, userAccountControl, and lockoutTime
The right to reset user passwords
The permission to create user accounts and containers in the Users container
The Read permission for attributes of the organizationalUnit object and domain objects
The Write permission for the gpLink attribute of the organizationalUnit objects and domain objects
The Read permission for the attributes of the container and serviceConnectionPoint objects in Group Policy containers
The permission to create container objects in the System container
The permission to create the serviceConnectionPoint objects in the System container
The permission to delete the serviceConnectionPoint objects in the System container
The Write permission for the keywords attribute of the serviceConnectionPoint objects in the System container

If you want to use the same domain connection in password policies as well, make sure the account has the following permissions:

The Read permission for attributes of the groupPolicyContainer objects.
The Write permission to create and delete the groupPolicyContainer objects in the System Policies container.
The Read permission for the nTSecurityDecriptor attribute of the groupPolicyContainer objects.
The permission to create and delete container and the serviceConnectionPoint objects in Group Policy containers.
The Read permission for the attributes of the container and serviceConnectionPoint objects in Group Policy containers.
The Write permission for the serviceBindingInformation and displayName attributes of the serviceConnectionPoint objects in Group Policy containers.
The Write permission for the following attributes of the msDS-PasswordSettings object:
- msDS-LockoutDuration
- msDS-LockoutThreshold
- msDS-MaximumPasswordAge
- msDS-MinimumPasswordAge
- msDS-MinimumPasswordLength
- msDS-PasswordComplexityEnabled
- msDS-PasswordHistoryLength
- msDS-PasswordReversibleEncryption
- msDS-PasswordSettingsPrecedence
- msDS-PSOApplied
- msDS-PSOAppliesTo
- name

Veuillez sélectionner votre produit

Afin de mieux répondre à vos besoins, précisez l'objet du tchat:

Solutions recommandées pour votre problème

Password Manager 5.14.0 - Administration Guide (AD LDS Edition)

Configuring Permissions for Domain Management Account