03/10/2023 09:25 AM
Hi Team
We have a requirement where we need to import AD accounts from a Root AD domain and two child AD domains to perform checkforunique before provisioning an AD account in one of the child domains.
Hence we are using ADSI connector.
But my query is: if the service account is created in the Root AD Domain without Domain Admin/Enterprise Admin privileges, and the required permissions are given for all 3 domains using delegated controls, will the above use case work with delegated permissions?
Thanks in advance.
Regards
Sangita Ladi
03/14/2023 10:41 AM
Team
A gentle reminder on the above query.
Regards
Sangita Ladi
03/14/2023 04:14 PM
Hello @sangitaladi
Please find a snip from our ADSI documentation: Preparing for Integration
For discovering objects in Active Directory using the Active Directory management agent (ADMA), the service account must reside in the root domain of the forest and either has Domain Administrative permissions and belongs to the Domain Administrators group or is explicitly granted Directory Replication permissions for every domain of the forest that this ADMA accesses.
Establish the connection from EIC directly to the domain hosting the target application or the domain controller (DC). While testing the connection, the connector dynamically obtains the list of DCs based on the forest list specified in the connection. If a DC is down and the connection to it fails, the connector polls the other DCs in the forest to determine which DC to connect to. For more information, see Configuring a High-Availability Connection.
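A way to confirm the delegated grant described in the documentation excerpt above, written as an added example that is not from the thread or the vendor documentation. It assumes the RSAT ActiveDirectory module, a hypothetical service account name `svc-eic-adsi`, and that "Directory Replication permissions" refers to the "Replicating Directory Changes" extended rights on each domain's naming context.

```powershell
# Added example, not vendor code. Run as a user who can read the domain-root ACLs.
Import-Module ActiveDirectory

$AccountName = 'svc-eic-adsi'   # hypothetical service account in the root domain

# Control-access right GUIDs for the replication extended rights.
# "All" also covers secret attributes such as password data, so review any
# grant of it rather than delegating it by default.
$ReplRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}

$forest = Get-ADForest
$sid    = (Get-ADUser -Identity $AccountName -Server $forest.RootDomain).SID.Value

foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Server $domainName

    # Read the security descriptor of the domain naming context from that domain.
    $sd = (Get-ADObject -Identity $domain.DistinguishedName -Server $domainName `
            -Properties nTSecurityDescriptor).nTSecurityDescriptor

    # Ask for SIDs so the comparison does not depend on name translation.
    $rules = $sd.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    $granted = $rules | Where-Object {
        $_.IdentityReference.Value -eq $sid -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band
            [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
        $ReplRights.ContainsKey($_.ObjectType.ToString())
    } | ForEach-Object { $ReplRights[$_.ObjectType.ToString()] }

    [pscustomobject]@{
        Domain        = $domainName
        Account       = $AccountName
        DirectGrants  = ($granted | Sort-Object -Unique) -join ', '
        HasGetChanges = [bool]($granted -contains 'Replicating Directory Changes')
    }
}
```

The check only matches ACEs granted directly to the account; a grant made through a group the account belongs to will not appear and has to be checked against that group's SID.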