0 votes

Hello,

We have recently begun setting up Adaxes and are trying to exercise least privilege on both of the accounts we have created to manage the service. The first is a service account with the rights to Create/Delete Child Objects on the computer in order to publish the Adaxes service - no issues there.

Our second, the domain service account, has permissions to create/delete all child objects in the OU. However, when an attempt is made to create/delete a new user within this OU, we receive a permissions error suggesting we add it to Builtin/Domain/Enterprise admins.

What permissions could we be missing here that prevent us from creating new users?

The aforementioned account is also given the appropriate Security Role within the Adaxes administrative console.

by (20 points)

1 Answer

0 votes
by (257k points)

Hello,

Have a look at the following help article: https://www.adaxes.com/help/PermissionsOfDomainServiceAccount.

Related questions

0 votes
1 answer

Looking to add a delegated permission for a specific OU for a security role (Help-Desk) to provide the ability to join machines to the domain and also rename the machines in domain.

asked Apr 14 by Vish539 (290 points)
0 votes
1 answer

We would like to be able to export logs from the Adaxes service? Is there a way to do this either through the service or reporting?

asked Oct 31, 2022 by scoutcor (120 points)
0 votes
1 answer

I upgraded to the latest Adaxes version about a month ago. Previously, I had my Domain Admin account as the service user, for the Softerra Adaxes service, and ... , but specified the different service account to run the Softerra Adaxes Service with.

asked Nov 26, 2019 by rurbaniak (1.4k points)
0 votes
1 answer

Hello, we're currently having issues to disabling user accounts on a specific date and time. When our HR department wants to start a "Offboarding", we're created a ... can we link it to the *After approval of disabling account field? Thanks in adavantage.

asked Aug 24, 2021 by BeliarsFire (20 points)
0 votes
1 answer

Currently, when I disable a user account in Adaxes, the group memberships of the user remain intact. I'd like to automate the removal of group memberships such as distribution ... a list of groups/DL that the user was previously in and removed from. Thanks!

asked Nov 3, 2021 by jayden.ang (20 points)
3,164 questions
2,868 answers
7,358 comments
505,924 users