If you are having trouble joining your FAC to your domain, the service account may need elevated permissions. If you are not comfortable just making it a Domain Administrator temporarily, I was able to confirm this list of permissions as being necessary for a service account to create/update a machine account into the domain:
[ul]This information was taken from this post:
Hi ergotherego,
Thanks for the contribution, I will look for an official document explaining that for sharing.
Best regards.
Hi ergotherego,
Here you can find our official documentation regarding account privileges:
https://docs.fortinet.com/document/fortiauthenticator/6.5.1/administration-guide/569230/ldap
To respect the principle of least privilege, a domain administrator account should not be used to associate FortiAuthenticator with a Windows AD domain. Instead, a non-administrator account can be configured with the minimum privileges necessary to successfully join a Windows AD domain. To do this, create a user account in the applicable hierarchy of your Active Directory, then delegate the ability to manage computer objects to the user account.
Best regards.
Ezequiel.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1736 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.