Active Directory Prerequisites
This section describes the requirements for the Active Directory Service Account running ITM On-Prem (ObserveIT) services.
All ITM On-Prem (ObserveIT) back-end components must be members of the same Active Directory domain.
ITM On-Prem (ObserveIT) Service Account
Create an Active Directory Service Account for ITM On-Prem (ObserveIT) with the following properties:
-
Use current naming convention for the account. If no naming convention exists, use OITServiceAccount.
-
Set user rights as member of the Domain Users Active Directory Security Group, no additional permissions are required.
-
Set password to never expire.
ITM On-Prem (ObserveIT) Service Account is a member of the following local Security Groups:
-
Administrators
-
IIS_IUSRS
ITM On-Prem (ObserveIT) Service Account has the following rights assigned to it:
-
Logon as a service
-
Run as a batch job
-
Interactive logon (for the duration of the installation or upgrade)
ITM On-Prem (ObserveIT) Data Retention Account
Create an Active Directory Service Account for ITM On-Prem (ObserveIT) data retention with the following properties:
-
Use current naming convention for the account. If no naming convention exists, use OITDataRetention.
-
Set user rights as member of the Domain Users Active Directory Security Group, no additional permissions are required.
-
Set password to never expire.
Related Topics: