/
Active Directory Proxy Account Requirements

Active Directory Proxy Account Requirements

Owned by Phillip Hanegan
Last updated: Sept 28, 2018


EmpowerID uses highly privileged user accounts when connecting to user directories such as Active Directory, LDAP or database systems. These user "account stores" use saved proxy accounts for connecting to these systems and performing user account management operations. EmpowerID requires one privileged account per domain or directory. This account requires all of the privileges matching the functions that EmpowerID may perform (user creation, deletion, password reset, group creation, etc).

If you will be managing an Active Directory Domain, the proxy account must be able to access the deleted items container in AD. Access to the Deleted Items container requires Domain Admin access unless the container security is edited to allow non-domain admins to read it. Instructions for editing the security of the deleted items container can be found in the Microsoft Article, "How to let non-administrators view the Active Directory deleted objects container in Windows Server 2003 and in Windows 2000 Server" which can be viewed in full at http://support.microsoft.com/kb/892806.



Related content

Active Directory Connector (On Premise)
Active Directory Connector (On Premise)
EmpowerID Admin Guide 22
More like this
Connect to Active Directory
Connect to Active Directory
EmpowerID Admin Guide 22
Read with this
Connect to Active Directory
Connect to Active Directory
EmpowerID Admin Guide v20
More like this
Active Directory
Active Directory
EmpowerID IGA Core
Read with this
Deleting User Accounts
Deleting User Accounts
EmpowerID Admin Guide v20
More like this
Identity Administration
Identity Administration
EmpowerID Admin Guide v20
More like this