Environment
Directory and Resource Administrator 8.7.x
Directory and Resource Administrator 9.0.x
Situation
What are the minimum permissions required of the DRA Service account?
How do I configure the DRA Service account to be a non-Domain Admin account?
Can the DRA Service account be a non-Domain Admin?
Does the DRA Service account have to be a member of Domain Admins?
How do I configure the DRA Service account to be a non-Domain Admin account?
Can the DRA Service account be a non-Domain Admin?
Does the DRA Service account have to be a member of Domain Admins?
Additional Information
Please see the DRA Install guide for the most current AD permissions requirements. Our documentation can be found under: https://www.netiq.com/documentation/directory-and-resource-administrator/index.html
Without using the Domain Built-In Administrators group, the powers of the Domain Access Account within DRA will be limited. By default Active Directory is configured to only allow Domain Admins, Enterprise Admins and Built-In Administrators access to the Built-In container within the Domain. The Default Domain Policy GPO is configured to grant Administrators and Domain Admins the right to modify the Trusted for Delegation flag on User and Computer accounts within AD.
Without using the Domain Built-In Administrators group, the powers of the Domain Access Account within DRA will be limited. By default Active Directory is configured to only allow Domain Admins, Enterprise Admins and Built-In Administrators access to the Built-In container within the Domain. The Default Domain Policy GPO is configured to grant Administrators and Domain Admins the right to modify the Trusted for Delegation flag on User and Computer accounts within AD.