This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

What AD privileges are required to join domain?

What AD privileges are required to join domain?

Go to solution
Anonymous
Not applicable

‎01-30-2021 11:36 AM

Hi,

What account privileges are required to join the A3 to the domain?

With ExtremeControl there is a definitive set of privileges that are required for joining the domain. Its not generally going to be Ok to get full domain privileges account, hence be good to know exactly what is required - maybe it is even the same as the below?

 

https://extremeportal.force.com/ExtrArticleDetail?an=000090980&q=nac%20ntlm%20privalages

 

Many thanks in advance

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
OscarK
Extreme Employee

‎02-08-2021 12:52 PM

The account needs to be able to create a computer account, similar to adding a computer to a domain.

It would need the same privileges and it is only once for the add, after that a normal user account is used for checking.

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
Bill_Handler
Contributor II

‎02-08-2021 08:55 PM

Martin,

An AD account that has ‘Account Operator’ privileges works for this purpose.

0 Kudos

Go to solution
OscarK
Extreme Employee

‎02-08-2021 12:52 PM

The account needs to be able to create a computer account, similar to adding a computer to a domain.

It would need the same privileges and it is only once for the add, after that a normal user account is used for checking.

0 Kudos

Go to solution
Anonymous
Not applicable

‎02-06-2021 06:02 PM

Hi Oscar,

Thanks for responding, sorry, the latter is what what I meant.

Is there a set of privileges that you aware of that would be needed for this, as asking for a full domain admin account usually creates an issue, for obvious reasons.

With Extreme Control I could provide the link above and the domain admins could create a cut down version account that didn’t essentially give me the keys to the kingdom, which is the root of the problem.

Cheers

0 Kudos

Go to solution
OscarK
Extreme Employee

‎02-01-2021 07:27 AM

Hi Martin, in the authentication source the account used does not have to be an admin account.

The distinguished name for the user account that A3 will use to conduct user lookups; this does not need to be the Administrator’s account.

When you create and join the Domain in Active Directory you need an administrator account as it needs to add A3 as computer to the domain.

 

0 Kudos
GTM-P2G8KFN