Web Active Directory recommends that you create a service account in your Active Directory domain dedicated to creating new accounts for PeoplePlatform, use the service account to bind to your Active Directory to perform search and account creation operations instead of passing the user’s credentials to Active Directory for binding.

Delegating Active Directory Permissions to the PeoplePlatform Service Account

PeoplePlatform requires that your service account have create account permissions in the Active Directory domain. Once you create the PeoplePlatform service account in your domain, use the procedure below to grant the necessary permissions to run the software.

To grant Microsoft Active Directory permissions to your PeoplePlaftorm service account:

1. Open Active Directory Users and Computers from the Start > All Programs > Administrative Tools menu.
2. At the root of the directory tree for the domain (or another OU you want to allow PeoplePlatform to manage), right-click the container and choose Properties.
3. Click Delegate Control to open the Delegation of Control Wizard.
4. Click Next to proceed past the wizard’s welcome page.
5. Click Add and find the PeoplePlatform service account you created previously.
6. Click Next to proceed.
7. Click Delegate the following common tasks.
8. Choose the following options to delegate: Create, delete and manage users accounts; Reset user passwords and force password change at next logon; Modify the membership of a group
9. Click Next to proceed.
10. Click Finish to save your changes and close the wizard. The service account should now have the privileges it needs to create new users accounts for PeoplePlaftorm.