Skip to Content
avatar image
Former Member

Service account change for Windows AD Authentication

Team,

we are planning to change the service account which we are using for windows AD authentication and we have Enterprise alias for every windows AD user so no issues with data.

Please, let me know what is the best process to make the changes and provide the documentation if there is any.

Thanks,

Srikanth

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Jul 20, 2017 at 04:09 PM

    The standard KBA 1631734 shows there are 3 primary places for a service account

    1) running the SIA (added to local admin group)

    2) in the CMC (AD plugin administration account)

    3) In the web/app java options (as password) or in the global.properties (as password or keytab)

    Check all the locations you will need to update them all. It's possible that the account could be used for non auth related functions such as scheduling to a file location but wouldn't be covered under the authentication config.

    -Tim

    Add comment
    10|10000 characters needed characters exceeded

    • nothing about the AD account would affect enterprise unless the CMS did not start. Sometimes the SIA starts and CMS does not (check in windows task manager). Typo of password could be the fault or look at the microsoft security and ysstem logs.