Service Account Active Directory

Hello Community,

Please, I have a question regarding the permissions required for the Service Account configured in the “Domain” configuration of the source.

Since IQService is the component that performs the provisioning operations on the Domain Controller, I am a bit confused about which account actually needs the write permissions in Active Directory.

Should the IQService service account be the one with the necessary write permissions in AD, while the account configured in the Domain configuration only requires read permissions?

Or should both accounts have read and write permissions in the domain?

Also, could you please clarify what the basic permissions are that should be granted to the service account used in the Domain configuration?

Thank you in advance for your clarification.

@DivyaL_7
Aggregation tasks use the domain configuration.
Provisioning activity uses IQService setup - Write permission.
1. Domain configuration: For aggregations used by Domain Configuration Account (in IIQ Application)
    Configured in the Active Directory Application → Domain Settings
    Used by IIQ for aggregation (read operations)

2. IQService Account (Windows Service)
    Runs on the Windows server where IQService is installed
    Executes provisioning operations (create, update, enable/disable accounts)

Extra permissions (domain setting account) are acceptable to have, including both read and write access.

Hi @DivyaL_7,

As mentioned by @narayanag, though, the service account used by IQService requires both Read and Write permission. Please refer to the screenshot below.

Hello,

Thank you for your answers.

@narayanag, the answers you provided apply to IdentityIQ; is it the same for ISC, please?

Thank you,