Adaxes

How can we minimize permissions of Domain Service Account and still retain Adaxes functionality?

0 votes

Hello,

We have recently begun setting up Adaxes and are trying to exercise least privilege on both of the accounts we have created to manage the service. The first is a service account with the rights to Create/Delete Child Objects on the computer in order to publish the Adaxes service - no issues there.

Our second, the domain service account, has permissions to create/delete all child objects in the OU. However, when an attempt is made to create/delete a new user within this OU, we receive a permissions error suggesting we add it to Builtin/Domain/Enterprise admins.

What permissions could we be missing here that prevent us from creating new users?

The aforementioned account is also given the appropriate Security Role within the Adaxes administrative console.

related to an answer for: What permissions does the service account need to make changes to active directory?
by (20 points)

1 Answer

0 votes
by (301k points)

Hello,

Have a look at the following help article: https://www.adaxes.com/help/PermissionsOfDomainServiceAccount.

Related questions

0 votes
1 answer
With Adaxes can we add delegation permissions such as joining machines to domain ?

Looking to add a delegated permission for a specific OU for a security role (Help-Desk) to provide the ability to join machines to the domain and also rename the machines in domain.

asked Apr 14, 2023 by Vish539 (500 points)
0 votes
1 answer
How can we export logs to CSV from the Adaxes Service?

We would like to be able to export logs from the Adaxes service? Is there a way to do this either through the service or reporting?

asked Oct 31, 2022 by scoutcor (120 points)
0 votes
1 answer
service account still using domain admin

I upgraded to the latest Adaxes version about a month ago. Previously, I had my Domain Admin account as the service user, for the Softerra Adaxes service, and ... , but specified the different service account to run the Softerra Adaxes Service with.

asked Nov 26, 2019 by rurbaniak (1.5k points)
0 votes
1 answer
How can we setup a due date field for disabling an user account?

Hello, we're currently having issues to disabling user accounts on a specific date and time. When our HR department wants to start a "Offboarding", we're created a ... can we link it to the *After approval of disabling account field? Thanks in adavantage.

asked Aug 24, 2021 by BeliarsFire (20 points)
0 votes
1 answer
Least Privileged Permissions Adaxes service account

Dear Reader, Currently we have Adaxes installed to manage mostly the on-premises user base. However some activities are extended to Office 365. Here we notice that Adaxes installed ... and when we do so how will this affect Adaxes? Thanks in advance, Maarten

asked Jan 8, 2024 by Maarten5150 (20 points)
3,679 questions
3,361 answers
8,504 comments
549,382 users