Re: ADAM Service Account



Dmitri,

I did that the first time but had problems when trying to use SSL as the
network service account did not have permissions to the ssl folder on the
local box. How do you set the permissions for the Network Service Account to
be able to use SSL in ADAM? I did not install the cert into the certificate
store for ADAM, I installed it using the certificate snap-in on the local
machine. Also, we will be running other services on the same machine as ADAM.
I would prefer to use a domain account for the project we are working on.
What permission level is necessary? Please advise...

"Dmitri Gavrilov [MSFT]" wrote:

The best option is to use the default, Network Service.
It provides just sufficient privileges on the local machine (admin is too
much), and it also has sufficient permissions in the domain, to be able to
register SPNs on the computer account (which is needed for mutual auth), and
to create SCPs.

Using a named service account means you have to take care of password
changes, assigning appropriate permissions in AD for SPN registration and
SCPs, assigning local permissions on the box to open an LDAP listener and to
log security events, and maybe a few others... It only makes sense (in my
view), if there's many different services running on the same machine, and
you don't want to expose them to each other by sharing the service account.
If ADAM is the only service on the box, then using NetworkService makes most
sense.

--
Dmitri Gavrilov
SDE, Exchange

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"jskalicky" <jskalicky@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EB564BA8-4BEE-49B0-9693-4874BE0039E8@xxxxxxxxxxxxxxxx
I am trying to install ADAM in our domain on two separate servers. One will
be the Master and the other will be a replica. I will be using a domain
account for the service. What permissions are necessary for the ADAM service
account in a domain? Do I just need to make it an admin on the local box?
Please advise....
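
One way to check the SSL permission problem described at the top of this thread, added here as an example and not taken from either poster: find the private key file behind a certificate in the Local Computer Personal store and report whether the service account can read it, granting Read only when asked. It assumes Windows PowerShell 5.1 in an elevated session, a CSP-backed RSA key stored under %ProgramData%\Microsoft\Crypto\RSA\MachineKeys, and a placeholder thumbprint; the parameter names are hypothetical.

```powershell
# Added example: audit (and optionally grant) read access to a machine
# certificate's private key for the ADAM service account.
# Assumptions: CSP-backed RSA key, certificate in LocalMachine\My,
# thumbprint below is a placeholder to replace with your own value.
param(
    [string]$Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>',
    # Default is Network Service; pass a domain account (DOMAIN\name) instead if used.
    [string]$Account    = 'NT AUTHORITY\NETWORK SERVICE',
    [switch]$Grant
)

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert)               { throw "Certificate not found in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "No private key for this certificate on this machine" }

# The key container name is the file name of the key under MachineKeys.
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
if (-not $container) { throw "Key is not CSP-backed; this check does not apply" }
$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
if (-not (Test-Path $keyFile)) { throw "Key file not found: $keyFile" }

# Resolve the account to a SID so the comparison does not depend on name format.
$sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
    [System.Security.Principal.SecurityIdentifier])

$acl   = Get-Acl -Path $keyFile
$read  = [System.Security.AccessControl.FileSystemRights]::Read
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

# Only explicit/inherited ACEs for this exact account are checked;
# access granted through group membership is not evaluated here.
$hasRead = $rules | Where-Object {
    $_.IdentityReference -eq $sid -and
    $_.AccessControlType -eq 'Allow' -and
    (($_.FileSystemRights -band $read) -eq $read)
}

if ($hasRead) {
    Write-Output "$Account already has Read on $keyFile"
} elseif ($Grant) {
    # Least privilege: Read only, no Modify or FullControl.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    Write-Output "Granted Read on $keyFile to $Account"
} else {
    Write-Output "$Account has no Read ACE on $keyFile (re-run with -Grant to add one)"
}
```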
