Good morning everyone,
I have a problem managing the Active Directory service account, in particular the permissions that need to be given to it.
The service account needs permission to read and change passwords for the administrative accounts in the domain.
By technical specifications we can see that the service account doesn't need to be a domain admin, but to change passwords for administrative accounts it must be or at least have a delegation. We don't want to promote it to domain admin role so we chose the delegation path. The problem is that the delegations for a non-administrative account will automatically be revoked after 15 minutes maximum.
How can we make it be permanent without assigning the domain admin role? Is there another solution?
Thank you,
Samuele Fochi