Good afternoon,
I was just looking for a bit of guidance if you have any on what permissions are required for the service account to be able to run automation in Active Directory (specifically the Active Directory Group Management, and Active Directory User Management packages)? I have the SIS set up, and have discovered a nearby DC and it is managed in ITOM. I have added creds that I know can create users, by testing it in ADUC. However, when I try to run a job from ITOM, I keep getting the following error:
Remote job creation failed. It was not possible to connect to the remote system. Access is denied.
If I sub out the creds for Domain Admin creds, it works with no issue. If I make the service account an admin on the DC, it works with no issue. However, based on least privileges, I simply can't make that service account a Domain Admin when it only needs to create and edit users. I've tried providing it with RDP permissions, making it a member of the Account Operators groups, but nothing else seems to work. I know this isn't so much a Hornbill issue, but was wondering if you'd come across this and had any guidance on it.
Thanks,
Gareth