Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ggolubovic
Staff & Editor
Staff & Editor

Created on ‎10-30-2025 01:51 AM

Article Id 416960

Technical Tip: Checking Collector Agent service account have enough privilege for LDAP query

Description This article describes the steps to check if the service account used for the Single Sign-on Service has enough rights for Lthe DAP query. 
Scope FSSO.
Solution

To be sure that the service account has enough rights and the correct password, run the attached PowerShell script ldap_service_acc_check.ps1.


Download attached ldap_service_acc_check.zip to the target folder, extract it there, and run it from PowerShell prompt:


.\ldap_service_acc_check.ps

 

PS_enter_cred.png

 

Enter username and password. Select OK.

In case if user has enough privileges, output will be printed in green color.

 

PS_success_green.png

When a user account does not have proper privileges, a wrong username or password, the output will be printed in red color.

 

ps_error_red.png

 

ldap_service_acc_check.zip
169
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.