
FTD AD Realm

fatalXerror
Level 7

Hi,

I checked the documentation but I cannot see what I am looking for.

This is about the integration of the FTD to the AD using the Realm. I would like to know what the AD service account privileges should be for the integration to work.

Thanks

3 Replies

Marvin Rhoads
Hall of Fame

The account must be any Active Directory user with appropriate rights to create a Domain Computer account in the Active Directory domain. 

Hi @Marvin Rhoads , thanks for the feedback.

Do you have any documents for that one? That's the only privilege that I need to set in my service account? Does it also include lookup for the OU and Users?

Thanks

Here's the reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/create_and_manage_realms.html

As far as I know and have seen it does include those features you mentioned.

I note that those joining privileges are only if you need to use Kerberos for captive portals. Further down in the reference it mentions:

"The distinguished username and password for a user with appropriate access to the user information you want to retrieve.

Note the following:

  • For Microsoft Active Directory, the user does not need elevated privileges. You can specify any user in the domain."
