0 votes

Hello,

New to this program and we are setting it up now. I wanted to know if there is a least permissions setup for the Service account. I don't want to have an account that has access to domain admins group. Something that can still be a service account for Adaxes and manage limited OUs in my AD.

by (150 points)

1 Answer

0 votes
by (292k points)
selected by
Best answer

Hello,

The Adaxes service account (specified during the software installation) only requires the permissions to publish Adaxes in AD. For details on how to grant the permissions, have a look at section "How do I grant permissions to publish Adaxes service" of our installation guide: https://www.adaxes.com/help/InstallationGuide/#grant-permissions-to-publish-adaxes-service.

At the same time, all operations in a managed domain are performed using the account specified for the domain in Adaxes. The account must have all the native AD permissions for the operations you will be performing in Adaxes. For example, if you are only going to be resetting user passwords in an OU, you can only grant the account native AD permissions to see the OU, users in it and reset passwords of the users. It is recommended that the account is a member of the BUILTIN\Administrators group, but it is not a requirement.

It is also not recommended to use the Adaxes service account for managed domains. For information on how to check/change the account for a managed domain, see https://www.adaxes.com/help/ChangeManagedDomainServiceAccount.

0

Thanks. I was able to fix it out via the installation guide.
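The password-reset delegation described in the answer, sketched in PowerShell as an added example that is not part of the original thread or of the Adaxes documentation. The account name `CONTOSO\svc-adaxes-domain` and the OU distinguished name are assumed placeholders; the two GUIDs are the standard AD identifiers for the `user` class and the Reset Password extended right.

```powershell
#Requires -Modules ActiveDirectory
# Added example: grant a managed-domain account only "see the OU, see its users,
# reset their passwords", then verify what was granted.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

# Assumed placeholders: replace with your own account and OU
$Account = 'CONTOSO\svc-adaxes-domain'
$OuDn    = 'OU=Staff,DC=contoso,DC=example'

# Standard AD identifiers
$UserClass     = [Guid]'bf967aba-0de6-11d0-a285-00aa003049e2'  # schema class: user
$ResetPassword = [Guid]'00299570-246d-11d0-a768-00aa006e0529'  # extended right: Reset Password

$sid     = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
               [System.Security.Principal.SecurityIdentifier])
$allow   = [System.Security.AccessControl.AccessControlType]::Allow
$rights  = [System.DirectoryServices.ActiveDirectoryRights]
$inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]

$rules = @(
    # Read the OU object itself (no inheritance)
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid, $rights::GenericRead, $allow, $inherit::None)
    # Read user objects below the OU
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid, $rights::GenericRead, $allow, $inherit::Descendents, $UserClass)
    # Reset Password on user objects below the OU, and nothing else
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid, $rights::ExtendedRight, $allow, $ResetPassword,
        $inherit::Descendents, $UserClass)
)

$path = "AD:\$OuDn"
$acl  = Get-Acl -Path $path
foreach ($rule in $rules) { $acl.AddAccessRule($rule) }
Set-Acl -Path $path -AclObject $acl

# Verify: list only the explicit entries held by the account on this OU
(Get-Acl -Path $path).Access |
    Where-Object { $_.IdentityReference.Value -eq $Account -and -not $_.IsInherited } |
    Format-Table ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType

# Verify: confirm the account is not a member of any privileged group
Get-ADPrincipalGroupMembership -Identity ($Account -split '\\')[-1] |
    Select-Object -ExpandProperty Name
```

Run it from an elevated session with rights to modify the OU's ACL; each additional operation you perform through Adaxes needs its own matching access rule on the same scope.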
