Network Security: Detailed info on Re: creating AD accounts for IdM solutions

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-Microsoft

[Top] [All Lists]

Re: creating AD accounts for IdM solutions

from [Saqib Ali] Network Security

[Permanent Link]

Subject:	Re: creating AD accounts for IdM solutions
Date:	Sat, 21 Jan 2006 08:00:01 -0800

Hello,

It is not a "Domain Admin" account. However it is a service account
that will require admin previleges over all users/groups/computer
objects in the AD, spanning multiple domain.

On 1/20/06, Thor (Hammer of God) <thor@hammerofgod.com> wrote:

A "domain admin" equivalent account should not be a requirement.  I would be
leery of configuring a 3rd party application to use "domain admin" as you
can't ensure that:


--
Saqib Ali, CISSP
http://www.xml-dev.com/blog/
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15

---------------------------------------------------------------------------
---------------------------------------------------------------------------

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
creating AD accounts for IdM solutions, Saqib Ali Re: creating AD accounts for IdM solutions, Thor (Hammer of God) Re: creating AD accounts for IdM solutions, Saqib Ali <=

Previous by Date:	Re: creating AD accounts for IdM solutions, Thor (Hammer of God)
Next by Date:	Re: How to disable interactive logon for service accounts on W2K and W2K3, manzo
Previous by Thread:	Re: creating AD accounts for IdM solutions, Thor (Hammer of God)
Indexes:	[Date] [Thread] [Top] [All Lists]