Assigning Permissions to Active Directory Service Accounts

This section outlines the steps to grant a service account permissions to create and delete computer objects, permissions on those objects, and permissions to change and reset user credentials. These are the minimum permissions a service account requires when installing the Connector.

Organisational Unit [OU] Permissions Dialog

Permissions are assigned to the service account through the OU permissions dialog.

Permissions to Create and Delete Computer Objects

The following section outlines how to add permissions to create and delete computer objects through the OU permissions dialog:

  1. Go to the Security tab of the OU you want to give permissions to.
  2. Right-click the relevant OU and click Properties.
  3. Go to the Security tab and click Advanced.
  4. Click Add and browse to your user account. As stated above, you need to add the user account to the OU.
  5. Select This object and all descendant objects and select the following permissions:
    • Create Computer Objects
    • Delete Computer Objects
  6. Click OK.

Permissions on the Computer Objects

The following section outlines how to select permissions on the computer objects through the OU permissions dialog:

  1. Go to the Security tab of the OU you want to give permissions to.
  2. Right-click the relevant OU and click Properties.
  3. Go to the Security tab and click Advanced.
  4. Click Add and browse to your user account. As stated above, you need to add the user account to the OU.
  5. Limit the Apply Onto scope to Descendant Computer objects and select the following settings:
    • Read All Properties
    • Write All Properties
    • Read Permissions
    • Modify Permissions
    • Validated write to DNS host name
    • Validated write to service principal name
  6. Click OK.
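
One way to verify the result of the two procedures above, as an added PowerShell example (not part of the original documentation or the product): it compares an account's explicit Allow ACEs on the OU with the grants listed in this section and reports anything missing or beyond that minimum. The function names, the `CONTOSO\svc-connector` account and the sample ACEs are assumptions made for the illustration; the mapping from dialog checkboxes to rights flags is the standard Active Directory one.

```powershell
# Added example. Well-known AD schema / validated-write GUIDs:
$Computer = 'bf967a86-0de6-11d0-a285-00aa003049e2'  # computer object class
$DnsHost  = '72e39547-7b18-11d1-adef-00c04fd8d5cd'  # Validated write to DNS host name
$Spn      = 'f3a64788-5306-11d1-a9c5-0000f80367c1'  # Validated write to service principal name
$None     = [guid]::Empty.ToString()

# Grants from this section, as "Right|ObjectType|InheritedObjectType|InheritanceType"
$Expected = @(
    "CreateChild|$Computer|$None|All"
    "DeleteChild|$Computer|$None|All"
    "ReadProperty|$None|$Computer|Descendents"
    "WriteProperty|$None|$Computer|Descendents"
    "ReadControl|$None|$Computer|Descendents"
    "WriteDacl|$None|$Computer|Descendents"
    "Self|$DnsHost|$Computer|Descendents"
    "Self|$Spn|$Computer|Descendents"
)

function Compare-OuGrants {
    param([object[]]$Aces, [string]$Account)
    $found = @(foreach ($ace in $Aces) {
        if ("$($ace.IdentityReference)" -ne $Account -or $ace.IsInherited) { continue }
        if ("$($ace.AccessControlType)" -ne 'Allow') { continue }
        # One ACE can carry several rights; split so each right is checked on its own
        foreach ($right in ("$($ace.ActiveDirectoryRights)" -split ',\s*')) {
            "$right|$($ace.ObjectType)|$($ace.InheritedObjectType)|$($ace.InheritanceType)"
        }
    })
    [pscustomobject]@{
        Missing    = @($Expected | Where-Object { $_ -notin $found })
        Unexpected = @($found | Where-Object { $_ -notin $Expected })
    }
}

# Constructed sample shaped like (Get-Acl "AD:\<OU DN>").Access; the account name is a placeholder
function New-SampleAce($Rights, $Obj, $Inh, $Type) {
    [pscustomobject]@{
        IdentityReference = 'CONTOSO\svc-connector'; AccessControlType = 'Allow'; IsInherited = $false
        ActiveDirectoryRights = $Rights; ObjectType = $Obj; InheritedObjectType = $Inh; InheritanceType = $Type
    }
}
$sample = @(
    New-SampleAce 'CreateChild, DeleteChild' $Computer $None 'All'
    New-SampleAce 'ReadProperty, WriteProperty, ReadControl, WriteDacl' $None $Computer 'Descendents'
    New-SampleAce 'Self' $DnsHost $Computer 'Descendents'
    New-SampleAce 'GenericAll' $None $None 'All'   # constructed over-broad ACE; the SPN ACE is left out
)
Compare-OuGrants -Aces $sample -Account 'CONTOSO\svc-connector' | Format-List
```

Against a live directory, pass `(Get-Acl "AD:\<OU distinguished name>").Access` from the ActiveDirectory module as `-Aces` in place of the constructed sample.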