Proofpoint | ObserveIT On-Premises Insider Threat Management

Creating a Service Account User in Active Directory

This topic describes how to configure permissions to create a service account user in Active Directory. Active Directory is used connect to ObserveIT databases and to run ObserveIT services.

Prerequisites:

Windows Server machine installed

From the System Installation Prerequisites

Complete Active Directory Prerequisites

Complete Back-end Components Prerequisites

Permissions are required to set up a an Active Directory. For more information about this, contact the Active Directory team.

  1. Connect to a Domain Controller or to a computer with Active Directory Remote Server Administration Tools installed.

  2. Click Start and type dsa.msc and Enter.

  3. Navigate to the Organizational Unit where the ObserveIT Service Account will be located.

  4. Right-click the Organizational Unit, select New > User.

    Optional: Type ObserveIT into the First Name field and Service Account into the Last Name field.

  5. Type OITServiceAccount into the User logon name field and choose the appropriate UPN suffix. Click Next.

  6. Configure a password based on your organization's password policy requirements, uncheck the User must change password at next logon checkbox, and check the Password never expires checkbox. Click Next. Click Finish.

  7. Close the Active Directory Users and Computers window.

Add Active Directory Service Account to local Administrators Security Group

On the Windows Server machines that will host ObserveIT Application Server, ObserveIT Web Console, and ObserveIT Website Categorization module components:

Run PowerShell as Administrator.

Execute the command, replacing "<# DOMAIN\account #>" with the Active Directory Service Account name in the DOMAIN\account format.

Add-LocalGroupMember -Group Administrators -Member "<# DOMAIN\account #>"

Validate the account was successfully added. Execute the command below.

Look at the command output. If successful, expect to see the name of your Active Directory Service Account in the output.

Get-LocalGroupMember -Group Administrators

Related Topic:

Custom Installation Steps.

version 7.12.2