Creating a service account to run the Active Directory Connector
The service account that will run the Active Directory Connector will need admin privileges on the server where the connector is installed.
- If the Active Directory Connector is installed on a domain controller, the service account must be a member of the Domain Admins group.
- If the Active Directory Connector is installed on a member server, the service account must be a member of the server's Administrators group.
Creating a service account that is a domain admin - used on a domain controller
- Open Active Directory Users and Computers.
- Create a new user. Use a descriptive name like PasswordBossService.
- Create a strong password for the account and clear the checkbox so a password change is not required. You may also want to check the box for "Password never expires".
- Save the new password in Password Boss.
- Edit the service account in Active Directory Users and Computers.
- On the Member Of tab, add the Domain Admins group and save the account.
Creating a service account that is an administrator on the member server
- Open Users and Groups.
- Create a new user. Use a descriptive name like PasswordBossService.
- Create a strong password for the account and clear the checkbox so a password change is not required. You may also want to check the box for "Password never expires".
- Save the new password in Password Boss.
- Edit the user account and on the Member Of tab add the Administrators group and save the service account.
- Open Active Directory Users and Computers and right-click the domain and select Delegate Control.
- Add your service account to the User or Groups page.
- On the Tasks to Delegate page select Read all user information.
- Finish the wizard.
- Install AD Lightweight Directory Service as a Role on your member server.
- Open PowerShell or a command prompt and run the following commands:
dsacls "CN=Deleted Objects,<Your_Base_DN_here>" /takeownership
dsacls "CN=Deleted Objects,<Your_Base_DN_here>" /G <Domain\PasswordBossService>:LCRP
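To confirm the account ended up with the settings described above, the following added example (not Password Boss code) reports the account flags, the admin group membership for the chosen install type, and the account's entries on the Deleted Objects container. It assumes the RSAT ActiveDirectory module is installed, that it is run on the connector server as the administrator who ran the dsacls commands, and that the account uses the suggested name; the `-OnDomainController` switch is a hypothetical parameter of this script.

```powershell
# Added example: verify the connector service account after setup.
# Assumptions: RSAT ActiveDirectory module present; run on the connector
# server as the administrator who executed the dsacls commands.
param(
    [string]$Account = 'PasswordBossService',  # name suggested on this page
    [switch]$OnDomainController                # hypothetical: selects which group to check
)
Import-Module ActiveDirectory

$domain = Get-ADDomain
$user   = Get-ADUser -Identity $Account -Properties PasswordNeverExpires, pwdLastSet

# Group membership required for the install type.
if ($OnDomainController) {
    $members      = Get-ADGroupMember -Identity 'Domain Admins' -Recursive
    $inAdminGroup = $members.SamAccountName -contains $Account
} else {
    $members      = Get-LocalGroupMember -Group 'Administrators'
    $inAdminGroup = $members.Name -contains "$($domain.NetBIOSName)\$Account"
}

# dsacls with only a DN prints the ACL. Keep the lines naming the account
# plus the two lines after each match, where dsacls lists the rights.
$deletedAcl = dsacls $domain.DeletedObjectsContainer |
    Select-String -SimpleMatch $Account -Context 0, 2

[pscustomobject]@{
    Account               = $user.SamAccountName
    Enabled               = $user.Enabled
    PasswordNeverExpires  = $user.PasswordNeverExpires
    MustChangeAtNextLogon = ($user.pwdLastSet -eq 0)   # 0 means a change is forced
    InRequiredAdminGroup  = $inAdminGroup
    DeletedObjectsAces    = ($deletedAcl | Out-String).Trim()
}
```

An empty `DeletedObjectsAces` value means the `/G` grant is not present on the Deleted Objects container.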