Using Delegation of Control

We recommend using delegation of control to assign the user account the access it needs to perform its tasks.

The only access that the user account needs is:

  1. Create, delete, and manage user accounts
  2. Reset user passwords and force password change at next logon
  3. Read all user information
  4. Modify the membership of a group

active_directory_connection_delegation_of_control.png

Please make sure that the user account has the appropriate permissions for the tasks it is set up to perform. For example, if Connect to AD is set up with Group Mappings, then the user account needs the "modify the membership of a group" permission.
 
You can also add the user account to any of these security groups, which includes the required access, however, we recommend using Delegation of Control as a best practice. 
  • BUILTIN/Account Operators - Account Operators - Members can administer domain user and group accounts
  • example.com/Domain Admins - Domain Admins - Designated administrators of the domain
  • example.com/Enterprise Admins - Enterprise Admins - Designated administrators of the enterprise

This article is exclusively for Active Directory.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.