How's it going everyone.
Had an interesting conversation with another engineer today about the service account that AAD Connect uses. Normally, if you do not specify a service account, the installer creates one for you named AAD_Junk, assuming you have the proper permissions.
A lot of time was spent today trying to figure out why a good, working install of AAD Connect did not have the expected user account. Maybe this is my rookie showing, but the service was running under NT SERVICE\ADSync.
This didn't seem right to me, as I was expecting the AAD_ account, so after rereading the documentation I found out that Microsoft changed the default service account AAD Connect uses in April 2017.
It appears all new versions will default to using the Virtual Service Account method.
The relevant documentation can be found here:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-accounts-permissions#create-the-ad-ds-account
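If you want to confirm which of the three account styles (virtual service account, gMSA, or a standard AAD_ user) your own sync service is running under, here is an added example that is not part of the original post; it assumes it is run on the AAD Connect server and that the sync service's short name is ADSync.

```powershell
# Added example: report what kind of account the AAD Connect sync service runs as.
# Assumption: executed on the AAD Connect server; service short name is "ADSync".
function Get-ADSyncServiceAccountType {
    param([string]$ServiceName = 'ADSync')

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) {
        throw "Service '$ServiceName' not found on this host."
    }

    # StartName is the logon identity the Service Control Manager uses.
    $account = $svc.StartName
    $type = switch -Regex ($account) {
        '^NT SERVICE\\'               { 'Virtual Service Account (default since April 2017)' }
        '\$$'                         { 'Group Managed Service Account (gMSA, name ends in $)' }
        '^(NT AUTHORITY|LocalSystem)' { 'Built-in account (not expected for AAD Connect)' }
        default                       { 'Standard user account (AAD_ prefix if the installer created it)' }
    }

    [pscustomobject]@{
        Service     = $svc.Name
        RunsAs      = $account
        AccountType = $type
        State       = $svc.State
    }
}

Get-ADSyncServiceAccountType
```

A result of NT SERVICE\ADSync is the current default and is not a misconfiguration; a standard user result on a recent install is worth checking against the documentation linked above.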