0 votes

Hello,

New to this program and we are setting it up now. I wanted to know if there is a least permissions setup for the Service account. I dont want to have an account that has access to domain admins group. Something that can still be a service account for Adaxes and manage limited OU's in my AD.

by (150 points)

1 Answer

0 votes
by (274k points)
selected by
Best answer

Hello,

The Adaxes service account (specified during the software installation) only requires the permissions to publish Adaxes in AD. For details on how to grant the permissions, have a look at section How do I grant permissions to publish Adaxes service of our installation guide: https://www.adaxes.com/help/InstallationGuide/#grant-permissions-to-publish-adaxes-service.

At the same time, all operations in a managed domain are performed using the account specified for the domain in Adaxes. The account must have all the native AD permissions for the operations you will be performing in Adaxes. For example, if you are only going to be resetting user passwords in an OU, you can only grant the account native AD permissions to see the OU, users in it and reset passwords of the users. It is recommended that the account is a member of the BUILTIN\Administrators group, but it is not a requirement.

It is also not recommended to use the Adaxes service account for managed domains. For information on how to check/change the account for a managed domain, see https://www.adaxes.com/help/ChangeManagedDomainServiceAccount.

0

Thanks. I was able to fix it out via the installation guide.

Related questions

+4 votes
1 answer

We set up a new hire form that has serveral custom text attributes that include pay rate, etc. These fields are routed to the correct departments via a PowerShell ... Is there anyway to prevent certain attributes from displaying in the approver request email?

asked Jan 8, 2020 by dhuffman (80 points)
0 votes
1 answer

The account is configured with the user's email address as its name and the icon says third party.

asked Aug 19, 2021 by bsteele (90 points)
0 votes
1 answer

I am unsure how to deal with this because of how Adaxes treats one identity account as two different objects, an AD and AzureAD user account, and both has different last logon values. What is a good way to combine the data?

asked Apr 22 by Daniel (100 points)
0 votes
1 answer

We just busted our licence limit of 400, but we are only 320 employees. All the extras are either service accounts, external contractors accounts or old user accounts ... is reinstated on the 'managed accounts' list? Thank you for the guidance, Louis

asked Apr 11, 2022 by lw.fa (130 points)
3,383 questions
3,082 answers
7,832 comments
545,472 users