SOLVED AD service fails to start, unless account is in "Domain Admin" group

Status
Not open for further replies.
J

jharm73

Cadet
Joined
Oct 30, 2015
Messages
6
I CAN get the AD service to start when making the user part of the "Domain Admins" group. As most system admins, I like to follow least privilege scenario. What rights do I need to delegate to my service account to be able start the AD service. I have already tried giving it access to add computer objects to the domain, but it must need something more.
 
J

jharm73

Cadet
Joined
Oct 30, 2015
Messages
6
I created à standard service account (normal account with service name) , and give full control over computer account corresponding to freenas computer under security tab of computer account properties

(got this from another user on another thread)
 
Status
Not open for further replies.

Similar threads

M
  • Locked
Configuring Active Directory Service - AD Administrator Account
Replies
2
Views
3K
mtadeacon
M
N
  • Locked
Joined AD but cannot change to a created service account
Replies
4
Views
2K
JohnL7
J
G
  • Locked
(FreeNAS 8.3.1) AD service doesn't start
Replies
8
Views
8K
Gdetch
G
D
  • Locked
need help with Windows 10 AD authentication.
Replies
1
Views
1K
dlavigne
D
S
SMB share and Mysql service database directory
Replies
9
Views
3K
sretalla
sretalla
Top