Adding Active Directory Domain Accounts

After you display the details for a selected domain, you can click Accounts to view, add, modify, or delete the Active Directory accounts used to access computers in the selected domain. To add domain accounts, you must have the Add Account permission enabled (see the Add Account permission in "Additional domain permissions").

To add a new account for a domain:

  1. In the Admin Portal, click Resources > Domains to display the list of domains.

  2. Select the domain to display the domain details.

  3. Click Accounts, then click Add.

  4. Type the user name and password for the account you want to use to access the currently selected domain.

    Note that you should specify the user name by typing the userPrincipalName account attribute.

  5. If you want the Privileged Access Service to manage the password for the specified account, select the Manage this credential option or, if an administrative account is configured for the domain, the Manage password using administrative account option.

    If you select this option, the Privileged Access Service will automatically update the password after you successfully add the account.

    Manage password using administrative account is displayed only if an administrative account is configured for the domain and the Enable automatic account maintenance using administrative account domain policy is enabled. This option is selected by default. If there is no password configured for the account, the Privileged Access Service checks that the account is valid and then resets the password. See also Setting Domain-specific Policies.

  6. Optionally, type a description for the account, then click Add.

Managed Passwords and Password Complexity

For any account you add, you can also choose whether or not you want the Privileged Access Service to manage the account password. If you select Manage this credential, the Privileged Access Service automatically resets the password after the account and system are added and each time the account is checked in.

All managed passwords generated by the Privileged Access Service consist of at least one upper case letter, one lower case letter, one number, and one special character regardless of the system type. For Windows domain accounts, the following additional password rules apply:

  • Minimum password length: 12 characters.
  • Maximum password length: 32 characters.
  • Supported special characters: !$%&()*+,-./:;<=>?[]^_{|}~
  • Only characters that are standard ASCII characters are supported.

Keep in mind that only the Privileged Access Service will know the managed password that is generated and stored. Do not select this option if you don't want the Privileged Access Service to manage the password for the account.
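
The rules listed above for Windows domain accounts can be expressed as a small checker, shown here as an added example that is not part of the product or its documentation. The function names are hypothetical, and `sample_password` only builds constructed test values in the documented shape (it is not the service's generator), which is useful for confirming that scripts and downstream systems accept every supported character.

```python
import secrets
import string

# Documented rules for managed Windows domain account passwords.
MIN_LEN, MAX_LEN = 12, 32
SPECIALS = "!$%&()*+,-./:;<=>?[]^_{|}~"
CLASSES = {
    "upper case letter": string.ascii_uppercase,
    "lower case letter": string.ascii_lowercase,
    "number": string.digits,
    "special character": SPECIALS,
}
ALLOWED = sorted(set("".join(CLASSES.values())))  # standard ASCII only


def policy_violations(password):
    """Return the documented rules that `password` breaks ([] means it conforms)."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(password) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    # Anything outside the supported set: non-ASCII, spaces, '#', '@', quotes...
    bad = sorted(set(password) - set(ALLOWED))
    if bad:
        problems.append("unsupported characters: " + " ".join(map(repr, bad)))
    return problems


def sample_password(length=MAX_LEN):
    """Build a constructed test value that satisfies every documented rule."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}..{MAX_LEN}")
    # One character from each required class, then fill from the full set.
    chars = [secrets.choice(c) for c in CLASSES.values()]
    chars += [secrets.choice(ALLOWED) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # avoid a predictable class order
    return "".join(chars)


if __name__ == "__main__":
    # Constructed inputs: too short, unsupported '#', and a generated sample.
    for candidate in ["Tr0ub4dor&3", "CorrectHorse#Battery9", sample_password(16)]:
        print(repr(candidate), policy_violations(candidate) or "conforms")
```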