Message Image

Skip main navigation (Press Enter).

Symantec Privileged Access Management

Back to discussions

Expand all | Collapse all

Service Account For AD Authentication

roosveltApr 09, 2019 12:35 PM

Can CA PAM use a service account to authenticate to an Active directory?

Robert WalkerApr 10, 2019 08:16 AM

yes, any account with atleast Read-Only privilege, to scan the directory.

roosveltApr 10, 2019 09:10 AM

If that's the case, when i am adding the target account the Account Name should be the service account ...

Robert WalkerApr 10, 2019 09:16 AM

yes, the Account name should be the Service Account name and the Distinguished Name will be 1 of 2 ...

1. Service Account For AD Authentication

0 Recommend
roosvelt
Posted Apr 09, 2019 12:35 PM

Reply Reply Privately
Can CA PAM use a service account to authenticate to an Active directory?
2. Re: Service Account For AD Authentication

1 Recommend
Broadcom Employee

Robert Walker
Posted Apr 10, 2019 08:16 AM

Reply Reply Privately
yes, any account with atleast Read-Only privilege, to scan the directory.
3. Re: Service Account For AD Authentication

0 Recommend
roosvelt
Posted Apr 10, 2019 09:10 AM

Reply Reply Privately
If that's the case, when i am adding the target account the Account Name should be the service account name and the Password would be the password of the service account right? For the Distinguished Name, can you give an example using a service account?
4. Re: Service Account For AD Authentication

1 Recommend
Broadcom Employee

Robert Walker
Posted Apr 10, 2019 09:16 AM

Reply Reply Privately
yes, the Account name should be the Service Account name and the Distinguished Name will be 1 of 2 options:
1) <serviceAcct>@domain.com
2) CN=<serviceAcct>,O=Domain,OU=com,...

try the first one, it usually works

Copyright 2023. All rights reserved.

Powered by Higher Logic