Can you use a non-domain admin account for your managed domain(s)?
Yes, depending on which actions/operations ActiveRoles Server is required to perform (e.g. create/delete users, computers, OUs, etc.), but not Exchange permissions.
Simple Example:
1. Using Active Directory Users and computers, right-click on your domain and choose Delegate Control.
2. Add in the selected ARS service account OR Managed Domain Account and click NEXT
3. Choose 'Create a custom task to delegate' and click NEXT
4. Choose 'This folder, existing objects in this folder, and creation of new objects in this folder' then click NEXT
5. Un-select GENERAL. Select 'CREATION/DELETION OF SPECIFIC CHILD OBJECTS'
6. Enable each object type in the list that you want the ARS service to have read/write access to. Example: Create and Delete computer objects, then click NEXT and FINISH.
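
The same delegation scripted and then checked, as an added example that is not part of the original article: it grants create/delete of computer objects with dsacls and lists the account's explicit ACEs on the domain so anything broader stands out. The domain DN and account name are placeholders, and the ActiveDirectory module (RSAT) is assumed for the AD: drive.

```powershell
# Added example. Placeholders (not from the article): $DomainDN and $Account.
Import-Module ActiveDirectory   # provides the AD: drive used by Get-Acl below

$DomainDN      = 'DC=example,DC=com'   # placeholder: your managed domain
$Account       = 'EXAMPLE\svc-ars'     # placeholder: ARS service or managed domain account
$ComputerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of class "computer"

# Wizard steps 1-6 as one command: CC = create child, DC = delete child,
# limited to computer objects; /I:T applies to this object and its sub-objects.
& dsacls.exe $DomainDN /I:T /G "${Account}:CCDC;computer" | Out-Null

# Read back every explicit (non-inherited) ACE the account holds on the domain root.
$aces = @((Get-Acl -Path "AD:\$DomainDN").Access |
    Where-Object { $_.IdentityReference.Value -eq $Account -and -not $_.IsInherited })

if ($aces.Count -eq 0) {
    throw "No explicit ACE for $Account on $DomainDN; the delegation was not applied."
}

# The only rights this delegation should have produced.
$Expected = [int][System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'

# Flag any ACE that is not "Allow create/delete of computer objects only".
$aces | ForEach-Object {
    $extra = [int]$_.ActiveDirectoryRights -band (-bnot $Expected)
    $ok = $_.AccessControlType -eq 'Allow' -and
          $_.ObjectType -eq $ComputerClass -and
          $extra -eq 0
    [pscustomobject]@{
        Rights     = $_.ActiveDirectoryRights
        ObjectType = $_.ObjectType
        Inherits   = $_.InheritanceType
        Status     = if ($ok) { 'expected' } else { 'REVIEW: not the delegated right' }
    }
} | Format-Table -AutoSize
```

ACEs granted to the account before this delegation also appear in the table, which makes the script usable as a periodic check that the account has not accumulated rights beyond what was delegated.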