SPP check password of AD user in Protected Users Group

SPP can check the password of AD users with the connected service user. But if I add the AD user to the Protected Users group in the AD I get a error for password check. Password change still works. How does SPP check the password against AD? Is it by hash or login attempt? Is there additional rights in the AD necessary for the service user?

Parents

0 Darko 4 days ago

Hello Andreas,

Protected users require additional step. This is described in the following articles.

Minimum permission:

Minimum Required Permissions for Windows Asset and Directory Password Management and Sessions (4251460)

Additional step for Protected Users:

How to delegate permissions in Active Directory for a Safeguard service account (4263587)

Hope that helps.

Best regards,

Darko
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Reply

0 Darko 4 days ago

Hello Andreas,

Protected users require additional step. This is described in the following articles.

Minimum permission:

Minimum Required Permissions for Windows Asset and Directory Password Management and Sessions (4251460)

Additional step for Protected Users:

How to delegate permissions in Active Directory for a Safeguard service account (4263587)

Hope that helps.

Best regards,

Darko
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Children

No Data