I'm attempting to get permissions delegated to an Active Directory service account for some automated bulk operations that will need to be done. However, the team that manages rights, roles and permissions within ARS seems to be having some difficulty. When attempting to connect to the ARS service with my AD ID, I issue the following command and get the following output:
PS C:\> $conn = Connect-QADService -Service 'some.corp.com' -Proxy
PS C:\> $conn
CN=Active Directory ARS
When I issue the same command while logged in to a workstation with the service account, I get an error:
Connect-QADService : Server not exist or could not be contacted
However, when I don't use the -Proxy switch, I'm able to connect directly to an Active Directory domain controller. I've been told that our Security team wants everyone to use Active Roles for auditing purposes. Without the -Proxy switch, I can't meet that requirement.
While the error message is not the most exact, given that I can connect with my ID, but not with the service ID, even when logged on locally to a workstation with that ID and even when using the same command to connect to the Active Roles Administration Service, I'm left to assume that this is a permissions problem with the service account. Can anyone tell me the minimum permissions needed for an Active Directory account to connect and authenticate to the Active Roles Admin Service using the Quest AD cmdlets?