Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Without DA or EA privileges in Service Account, Can ADSI perform provisioning and reconcilitation?

sangitaladi
Regular Contributor
Regular Contributor

‎03/10/2023 09:25 AM

Hi Team

 

We have a requirement, where we need to import AD accounts from a Root AD domain and two child AD domains to perform checkforunique before provisioning an AD account in one of the child domain.

Hence we are using ADSI connector.

But My query is, If the service account is created in Root AD Domain without Domain Admin/Enterprise admin privileges. Using  Delegated controls required permissions will be given for all 3 domains.

Will this above usecase work with delegated permissions ?

@RakeshMG 

@ParitaSavla 

@ksaathvik 

 

Thanks in advance.

Regards

Sangita Ladi

 

0 Kudos
2 REPLIES 2

sangitaladi
Regular Contributor
Regular Contributor

‎03/14/2023 10:41 AM

Team

 

A gentle reminder on the on the above query.

 

Regards

Sangita Ladi

0 Kudos

timchengappa
Saviynt Employee
Saviynt Employee

‎03/14/2023 04:14 PM

Hello @sangitaladi 

Please find a snip from our ADSI documentation: Preparing for Integration

  • For discovering objects in Active Directory using the Active Directory management agent (ADMA), the service account must reside in the root domain of the forest and either has Domain Administrative permissions and belongs to the Domain Administrators group or is explicitly granted Directory Replication permissions for every domain of the forest that this ADMA accesses.

  • .......

  • Establish the connection from EIC directly to the domain hosting the target application or the domain controller (DC). While testing the connection, the connector dynamically obtains the list of DCs based on the forest list specified in the connection. If a DC is down and the connection to it fails, the connector polls the other DCs in the forest to determine which DC to connect to. For more information, see Configuring a High-Availability Connection.

Copyright © 2024 Khoros, LLC