Hi Ralf, I created a target account and associated it to a device which is a Domain Controller and successfully verified password by updating both the password authority server and the target. For the account details I selected the "use credentials from the following account" and selected Xsuite SVC account. For the Distinguished Name I manually entered "CN=EP_BCK_DA_01,OU=PAM Managed Backup Accounts,OU=Service Accounts,OU=Administrative,DC=internal,DC=dss,DC=mil". Next I created a policy. User (Group)=Domain Admins and Device (Group)=Domain Controller. It all seemed to work but when I logged off the super user and logged in with my Domain Admin account, I didn't see the account.
Keep in mind the EP_BCK_DA-01 account is a new account I created just last week. Does that account need to be imported from AD or is PAM already integrated with AD and automatically pulls it from AD? I'm not sure about that part and think that's where my problem may be.