Prerequisites

• Create an Active Directory service account with the required permissions. A service account is a special user account that is created for the sole purpose of running a particular service or application on the Windows operating system. Services use the service accounts to log on and interact with the operating system.

• Before you start using the connector, install and register IQService on any Windows system with any of the supported Operating Systems. For more information on installing and registering IQService, see IQService.

  • If the Authentication Type is set to Strong, then the IQService host must be in the same domain or in a trusted domain.

  • For managing Terminal Services (Remote Desktop Services profile) attributes, install the IQService on a server class Windows Operating System.

• Secure Active Directory connector.

• For an application managing multiple domain trees, either from same or different forests, there must be two-way trust relationship between them.

• For managing Managed Service Accounts (MSA) or Group Managed Service Accounts (GMSA), the following prerequisites are required:

  • For reading msDS-GroupMSAMembership and msDS-AllowedToActOnBehalfOfOtherIdentity GMSA object properties, IQService is required and Active Directory Module for Windows PowerShell must be enabled on the IQService Host.

  • For Provisioning operations of MSA and GMSA objects, IQService is required and Active Directory Module for Windows PowerShell must be enabled on the IQService Host.