The Active Directory services, as implemented on the Metasys system, require a service account in Active Directory service consisting of a user name, password, and domain. The feature uses this service account when executing LDAP queries of Active Directory service. The Active Directory service feature allows the use of one Service Account to access all domains, or one Service Account per domain.
The service account in Active Directory service must have directory read privileges. These privileges may be open to the entire directory or limited to only those organizational units and domains that contain Metasys privileged Active Directory service users and groups. For some Active Directory service configurations, the IT department may dictate that one service account is created per domain.
The service account user name, password, and domain are defined by the customer IT department. This user should be created with a non-expiring password. If the IT department requires the modification of the Service Account password on a periodic basis, a Metasys system work process must be defined to update the password in the Security Administrator System at the time it is changed in Active Directory service. If the Service Account password in the Metasys system does not match the Service Account password in Active Directory service, Metasys system access by Active Directory service users is denied.