Setting Permissions for Delegated Authentication
Set permissions for your Microsoft Active Directory domain administrator account so that you can configure delegated authentication for the AD bridge.
- Open Active Directory Users and Computers.
- Right-click the user, group, or organizational unit (OU) that you want to delegate, and then select Delegate Control.
- In the Delegation of Control wizard, select Next, and then select Add.
- On the Select Users, Computers, or Groups dialog box, in the text area, enter the username or group name that needs to be granted permissions to configure delegated authentication.
- Select Check Names to verify that the user or group has been created in AD. If it hasn't been created, then create it.
- Select OK, and then select Next.
- Select the Delegate the following common tasks option, and then select Reset user passwords and force password change at next logon.
- Select Next, and then select Finish.
The next steps explain how to set specific permissions to lock and unlock user accounts.
- Right-click on the newly modified user or group, and select Properties.
- Select the Security tab, and then select Advanced.
- On the Advanced Security Settings, select Add.
- On the Permission Entry wizard, select Select a principal, and enter the same username or group name that has been granted reset permission.
- Select OK.
- In the Applies to field, select Descendant User objects. The list of permissions allowed for the user account (Principal) is displayed.
- Scroll down and enable Read lockoutTime, and Write lockoutTime.
- Select OK, and continue to select OK until the end of the setup.
The user account now has permission to change passwords for all user objects beneath the object on which the delegation was set.
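The two wizard procedures above can also be applied, and checked, from PowerShell. The script below is an added example and is not part of the original page or the AD bridge product's own tooling. It assumes the ActiveDirectory module is installed and that the placeholder values `$TargetOU` (the OU or domain root being delegated) and `$Principal` (the account or group that configures delegated authentication) are replaced with real ones. It grants the same rights the wizard sets: the Reset Password extended right plus read/write on pwdLastSet (which is what "force password change at next logon" maps to), and read/write on lockoutTime, all scoped to descendant user objects, and then reads the ACL back so you can confirm that only those entries were added for that principal.

```powershell
# Added example (not from the original page): delegate password reset, force-change and
# lockoutTime rights to a service account/group, scoped to descendant user objects only.
Import-Module ActiveDirectory

$TargetOU  = 'OU=Users,DC=example,DC=com'   # placeholder: OU (or domain root) to delegate
$Principal = 'EXAMPLE\svc-adbridge'         # placeholder: account or group receiving the rights

$rootDse  = Get-ADRootDSE
$schemaNC = $rootDse.schemaNamingContext
$rightsNC = "CN=Extended-Rights,$($rootDse.configurationNamingContext)"

# Resolve attribute/class and extended-right GUIDs from this forest's schema rather than hard-coding them.
function Get-SchemaGuid([string]$LdapDisplayName) {
    $obj = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$LdapDisplayName)" -Properties schemaIDGUID
    return [guid]$obj.schemaIDGUID
}
function Get-ExtendedRightGuid([string]$DisplayName) {
    $obj = Get-ADObject -SearchBase $rightsNC -LDAPFilter "(displayName=$DisplayName)" -Properties rightsGuid
    return [guid]$obj.rightsGuid
}

$userClass   = Get-SchemaGuid 'user'
$pwdLastSet  = Get-SchemaGuid 'pwdLastSet'
$lockoutTime = Get-SchemaGuid 'lockoutTime'
$resetPwd    = Get-ExtendedRightGuid 'Reset Password'

$sid     = (New-Object System.Security.Principal.NTAccount($Principal)).Translate([System.Security.Principal.SecurityIdentifier])
$inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents   # "Descendant User objects"
$allow   = [System.Security.AccessControl.AccessControlType]::Allow
$rw      = [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'
$er      = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

$rules = @(
    # "Reset user passwords and force password change at next logon"
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule($sid, $er, $allow, $resetPwd,    $inherit, $userClass)
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule($sid, $rw, $allow, $pwdLastSet,  $inherit, $userClass)
    # "Read lockoutTime" and "Write lockoutTime" (lock/unlock accounts)
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule($sid, $rw, $allow, $lockoutTime, $inherit, $userClass)
)

$acl = Get-Acl -Path "AD:\$TargetOU"
foreach ($rule in $rules) { $acl.AddAccessRule($rule) }
Set-Acl -Path "AD:\$TargetOU" -AclObject $acl

# Verify: show only the ACEs that apply to the delegated principal on the target container.
(Get-Acl -Path "AD:\$TargetOU").Access |
    Where-Object { $_.IdentityReference.Value -eq $Principal } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType, AccessControlType |
    Format-Table -AutoSize
```

Run it as an account that already has permission to modify the target container's security descriptor. The verification output should list exactly three Allow entries for the principal, each with InheritedObjectType equal to the user class GUID; an entry with an empty ObjectType or InheritedObjectType would mean the right was applied more broadly than the steps above intend and should be removed.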