2 Replies Latest reply on Mar 10, 2008 5:22 PM by TCash

    Question about AD Discovery account rights

      We converted to AD last year and are now considering using AD Discovery and Synchronization. We currently have approximately 2600 desktops and servers. Our ePO is currently populated and organized by department name, then workstation. The departmemt initials preceed the workstation name which makes it easy to identify and sort them when they first report to the ePO.

      My question is, Is it necessary to have Domain admin rights to use AD Discovery, and if I don't have that level of rights, what kind of problems will I have importing and managing the ePO tree.

      Any input is appreciated.


      VSE 8.5i, 8.0i, 7.1
        • 1. RE: Question about AD Discovery account rights
          You only need read rights to the AD containers that you are mapping too in your mapping point not domain admins.
          • 2. RE: Question about AD Discovery account rights
            Thanks Tony99, I appreciate your response. I'm new to the forum.

            McAfee Documentation reads that you need access to the deleted objects in AD would that be read or write or both.

            McAfee support has gone as far as to say that you need read\write credentials to AD, for AD Discovery and Import. They actually recommended Domain Admin accounts, but then again, what tech support didn't recommend "God" access for their applications. As you can imagine, the AD folks are quite reluctant to give that access, or anything close to it. I'm inclined to agree.

            I'm trying to get definitive information before I recommend moving to AD Discovery and Import. Any thoughts toward this matter are greatly appreciated .