Symantec Privileged Access Management

I working at integrate PAM 3.1.1 with Active Directory. i request to customer one user with peivileged from Domain Admin, but i reading the documentation and not find information about of this type of user or permission that the user will to have. The customer request the oficial documentation for create the user.

What type of user should I request to integrate PAM with active directory?

Hi Julian,

Here is a link to the information on importing LDAP groups: Import LDAP User Groups - CA Privileged Access Manager - 3.1.1 - CA Technologies Documentation 

You will note in step 9 of Import LDAP Groups it states, "The default role is Standard User." 

When I'm advising a customer on how to import from LDAP, I recommend users are placed in groups that are more easily managed in CA PAM. For example, DBAs should be placed in the appropriate DBA group whether it be Microsoft, Oracle or MySQL; Server Administrators placed in an appropriate group and so on. This way when they are imported to PAM they are in the appropriate group and they can be managed from there.

I hope this helps,

Christo

If your question is regarding account requirement for integrating pam with Active Directory then You need an AD account(generally reffered as service account)  which  should have permission to read active directory tree. 

Hello Julian,

By default in MS-AD any member of the "Authenticated Users" group has READ permissions on all user and group objects in the compete tree.

(This can be changed with  Users&Computers / View / Advanced / right-click-the-object / Properties / Security)

To answer your question, for integrating AD via LDAP to MS-AD an ordinary user is sufficient.