Announcements
Hello team.
I've an dynamics crm on-premises and i'm using the services accounts under domain admin group in active directory.
Today the security team was asking why these account are under the domain admin group.
There's an official document referring to service accounts rights and if this accounts should be in these group or can be remove from domain admin group?
I don't remember why i added these accounts in domain admin.
It's a productive environment.
Thanks a lot.
Hey Jonathan.
Most of the information can be checked on https://learn.microsoft.com/en-us/dynamics365/customerengagement/on-premises/deploy/security-considerations-for-microsoft-dynamics-365?view=op-9-1. Not sure why on your particular scenario they were added to "Domain admins", as the recommendation is always "least privilege". Installation does require that the users are added as local administrators on the machines where you're installing. However, these points are interesting:
Best regards
André Arnaud de Cal... 291,359 Super User 2024 Season 2
Martin Dráb 230,370 Most Valuable Professional
nmaenpaa 101,156