Adaxes

How can we minimize permissions of Domain Service Account and still retain Adaxes functionality?

0 votes

Hello,

We have recently begun setting up Adaxes and are trying to exercise least privilege on both of the accounts we have created to manage the service. The first is a service account with the rights to Create/Delete Child Objects on the computer in order to publish the Adaxes service - no issues there.

Our second, the domain service account, has permissions to create/delete all child objects in the OU. However, when an attempt is made to create/delete a new user within this OU, we receive a permissions error suggesting we add it to Builtin/Domain/Enterprise admins.

What permissions could we be missing here that prevent us from creating new users?

The aforementioned account is also given the appropriate Security Role within the Adaxes administrative console.

related to an answer for: What permissions does the service account need to make changes to active directory?
by (20 points)

1 Answer

0 votes
by (257k points)

Hello,

Have a look at the following help article: https://www.adaxes.com/help/PermissionsOfDomainServiceAccount.

Related questions

0 votes
1 answer
With Adaxes can we add delegation permissions such as joining machines to domain ?

Looking to add a delegated permission for a specific OU for a security role (Help-Desk) to provide the ability to join machines to the domain and also rename the machines in domain.

asked Apr 14 by Vish539 (290 points)
0 votes
1 answer
How can we export logs to CSV from the Adaxes Service?

We would like to be able to export logs from the Adaxes service? Is there a way to do this either through the service or reporting?

asked Oct 31, 2022 by scoutcor (120 points)
0 votes
1 answer
service account still using domain admin

I upgraded to the latest Adaxes version about a month ago. Previously, I had my Domain Admin account as the service user, for the Softerra Adaxes service, and ... , but specified the different service account to run the Softerra Adaxes Service with.

asked Nov 26, 2019 by rurbaniak (1.4k points)
0 votes
1 answer
How can we setup a due date field for disabling an user account?

Hello, we're currently having issues to disabling user accounts on a specific date and time. When our HR department wants to start a "Offboarding", we're created a ... can we link it to the *After approval of disabling account field? Thanks in adavantage.

asked Aug 24, 2021 by BeliarsFire (20 points)
0 votes
1 answer
How can I create a scheduled task to remove all group memberships of a user after the account is disabled?

Currently, when I disable a user account in Adaxes, the group memberships of the user remain intact. I'd like to automate the removal of group memberships such as distribution ... a list of groups/DL that the user was previously in and removed from. Thanks!

asked Nov 3, 2021 by jayden.ang (20 points)
3,164 questions
2,868 answers
7,358 comments
505,924 users