When testing a policy with a Directory Binding payload, I am receiving this error and the policy is failing:
The username (xxxxx) and password provided for the domain (xx.xxxxxxxxxxxx.edu) was not valid. (Attempt 5)
Some background: Our institution is currently migrating from an internal Active Directory Forest/Domain to an outward-facing Forest/Domain. As part of the migration we are now following the Red Forest security recommendations.
With our current AD Domain Structure I have a Service Account for the LDAP Server Configuration with the JSS that is an actual AD admin account.
With the new AD Domain Structure I have a new Service Account that has the least allowed privileges to bind computers to the domain. This account does not have login privileges to the AD Domain Controllers or any elevated privileges other than bind privileges.
I have configured the new domain in the LDAP Server Configuration Settings manually (with help from our AD Administrator). Within the LDAP Server Configuration, I can confirm a connection to the Domain Controller with the 'Test' button by searching for users within the new domain and getting an accurate result.
Would having a new Service Account with less than admin privileges in the domain cause the failure?
What is the lowest level of AD admin privileges I need in order to have a valid username and password for the bind payload to work?
Thanks for any advice you can give.
Cheryl