Add the Active Directory User to Groups
Use this procedure to give the Active Directory user and the passive identity agent service user sufficient privileges in Active Directory.
To function normally, the passive identity agent must be able to connect to the domain and to read the Windows Event Log. This topic discusses how to give the proper privileges to:
- The passive identity agent service user.
- The Active Directory user (namely, the Directory Username user in the Active Directory realm on the Secure Firewall Management Center).
Before you begin
You must be a Microsoft Server administrator familiar with how to add a user to a group and how to set a Windows service to run as a specific user.
Procedure
Step 1 | Log in as an administrator to the system on which the passive identity agent is running. You can log into any of the following: |
Step 2 | Start the Server Manager. |
Step 3 | Click . |
Step 4 | Under Active Directory Users and Computers, expand the forest in which the directory user is defined. The following figure shows an example. |
Step 5 | Expand the organization unit or group to reveal the directory user. (You can create a new user by clicking ). |
Step 6 | Right-click the directory user and click Add to a group. |
Step 7 | In the Select Groups dialog box, enter Event Log Readers and click Check Names. The following figure shows an example. |
Step 8 | Repeat the preceding tasks to add the user to the Domain Users group. |
Step 9 | In the Add Groups dialog box, click OK. |
The directory user now has the appropriate permissions and the passive identity agent service runs as that user.
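The group changes in Steps 6 through 9 can also be made and verified from PowerShell. The following script is an added example, not part of the product documentation; it assumes the ActiveDirectory module (RSAT) is installed, and `svc-pia` is a placeholder account name. The list of high-privilege groups it warns about is likewise an assumption added here as a least-privilege check.

```powershell
#Requires -Modules ActiveDirectory
# Added example: add the directory user to the two groups named in the
# procedure, skip groups it already belongs to, then verify the result.
param(
    # Placeholder sAMAccountName (assumption); replace with your directory user.
    [string]$SamAccountName = 'svc-pia'
)

# Groups named in the procedure above.
$required = 'Event Log Readers', 'Domain Users'

# Assumed list of high-privilege groups this account does not need.
$excess = 'Domain Admins', 'Enterprise Admins', 'Administrators'

# Fail early if the account does not exist.
$user = Get-ADUser -Identity $SamAccountName -ErrorAction Stop

function Get-GroupNames {
    # Names of the groups that list the account as a member.
    @((Get-ADPrincipalGroupMembership -Identity $user).Name)
}

$current = Get-GroupNames
foreach ($group in $required) {
    if ($current -contains $group) {
        # Add-ADGroupMember raises an error for an existing member, so skip it.
        Write-Host "OK     $group (already a member)"
    }
    else {
        Add-ADGroupMember -Identity $group -Members $user -ErrorAction Stop
        Write-Host "ADDED  $group"
    }
}

# Re-read the membership and confirm both required groups are present.
$current = Get-GroupNames
$missing = @($required | Where-Object { $current -notcontains $_ })
if ($missing.Count -gt 0) {
    throw "Account '$SamAccountName' is still missing: $($missing -join ', ')"
}

# Flag memberships that exceed what reading the event log requires.
$current | Where-Object { $excess -contains $_ } | ForEach-Object {
    Write-Warning "'$SamAccountName' is also a member of '$_'; review whether this is needed."
}

Write-Host "Verified: $($required -join ', ')"
```

Run it from an elevated session with rights to modify group membership in the domain, passing the real account name with `-SamAccountName`.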