Chapter 4. AD administration rights
When you want to build a trust between AD (Active Directory) and IdM (Identity Management), you will need to use an AD administrator account with appropriate AD privileges.
Such an AD administrator must be a member of one of the following groups:
- Enterprise Admin group in the AD forest
- Domain Admins group in the forest root domain for your AD forest
- For details about Enterprise Admins, see Enterprise Admins.
- For details about Domain Admins, see Domain Admins.
- For details about AD trust, see How Domain and Forest Trusts Work.