To support Active Directory (AD) pass-through authentication:
When configuring the connector server to run as a user, that user account must have the “Act As Operating System” and “Bypass Traverse Checking” user rights. By default, the connector server runs as the Local System account, which should already have these rights. Also, the “Bypass Traverse Checking” user right is enabled for all users by default.
If you must update user rights, there might be a delay before the updated security policy is propagated. Once the policy has been propagated, you must restart the connector server.
Accounts being authenticated must have “Access This Computer From The Network” user rights on the connector server.
The connector server uses the LogonUser function with the LOGON32_LOGON_NETWORK log-on type and the LOGON32_PROVIDER_DEFAULT log-on provider to perform pass-through authentication. The LogonUser function is provided with the Microsoft Platform Software Development Kit.