Chapter 4. AD administration rights

When you want to build a trust between AD (Active Directory) and IdM (Identity Management), you will need to use an AD administrator account with appropriate AD privileges.

Such an AD administrator must be a member of one of the following groups:

  • Enterprise Admin group in the AD forest
  • Domain Admins group in the forest root domain for your AD forest

Additional resources