Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
927
Views
0
Helpful
3
Replies

reason for admin user in AD / ACS 5.2 join

Go to solution
hans.velez
Level 1
Level 1

‎04-14-2011 01:27 PM - edited ‎03-10-2019 05:59 PM

hi everyone,

I need to know that the ACS must have a user with elevated privileges so as to create and delete users on the AD, please do not report the reasons given in the user manual by 5.2 acs that reason is not enough to that the customer will provide this type of user.

The specific question:
what would be the reason for that software has to access the AD to a user with these privileges so high?

thanks for your help!!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
a-ford
Level 1
Level 1
In response to smartnet_2s

‎06-02-2011 07:35 PM

I just recently integrated 5.2 boxes with AD and we found the easiest way was to simply grant the system account for the ACS full control over its own machine object. We didn't have to give it any additional rights to other domain objects and it appears to be suffcient for it to perform the join operation each time the service is restarted as well as performing authentication actions.

Hope this helps.

Adam

View solution in original post

0 Helpful
3 Replies 3

Go to solution
mansrini
Level 1
Level 1

‎04-19-2011 10:49 PM

Hello,

Its not really necessary for the acs to have a domain admin user.. Any user with permissions to add/remove computers on the domain will do. This username will be used just during the time when the acs joins itself to the domain as a domain computer. Hope this helps.

Thanks,

Mani

0 Helpful

Go to solution
smartnet_2s
Level 1
Level 1
In response to mansrini

‎05-27-2011 03:26 PM

Hi;

I have a integration of the acs 5.2 with MS ACTIVIE DIRECTORY, and my customer is using the same user and password  with read permission in acive directory database, but this follow message happen:

I believed that message was by not enough account privilegies.

Can I help me?

Regards;

Pietro

Preview file
89 KB
0 Helpful

Go to solution
a-ford
Level 1
Level 1
In response to smartnet_2s

‎06-02-2011 07:35 PM

I just recently integrated 5.2 boxes with AD and we found the easiest way was to simply grant the system account for the ACS full control over its own machine object. We didn't have to give it any additional rights to other domain objects and it appears to be suffcient for it to perform the join operation each time the service is restarted as well as performing authentication actions.

Hope this helps.

Adam

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents