What user attributes does the QAS Active Directory Computer object need to read?
Is there a list of Active Directory user account attributes the QAS AD computer objects needs to read, if the default Microsoft "Authenticated User" permissions have been remove or hardened.
What attributes does QAS need to read when AD is locked down/hardened and the default Microsoft permissions have been removed.
Users cannot authenticate after setup.
What AD permissions are needed on the computer object.
* - These are the default Windows 2003 R2 schema attributes which are configurable through the Authentication Services Control Center.
These permissions can be tested by running the below command against a QAS AD user - all non-null attributes must be returned for QAS to function.
# /opt/quest/bin/vastool -u host/ attrs userName