Microsoft AD Secret Template for RPC

Overview

This document briefly discusses using Secret Server Remote Password Changing (RPC) for Microsoft Active Directory (AD) accounts. With Remote Password Changing (RPC), secrets can automatically change remote account passwords when a secret expires, either immediately or on a defined schedule. In addition, the new passwords’ strengths and other qualities are completely configurable. See the Password Changer List for a complete list of available password changers.

Prerequisites

RPC setup for AD requires the following:

  • Use a privileged account with the correct permissions. Select the Privileged Account Credentials option on an AD secret with permission to change the account's password.

  • Ensure the appropriate permissions for Active Directory are enabled. For details, see Setting Minimum Permissions for AD RPC Service Accounts.

The Active Directory password changer has an RPC "timeout minutes" advanced setting. This setting only applies when using the "Password Change By Admin Credentials" option.

Assigning a Password Changer to a Secret Template

After completing the RPC setup, you can manage the built-in secret templates. Each secret template is specific to an application and is preconfigured with the password changer best suited to that application. For AD, we want the Active Directory Account template.

You can view and modify secret templates in the Secret Server administration panel. See Creating or Editing Secret Templates for more on the available options. Ensure that the secret template is in active status. See Activating and Deactivating Templates for details.

To navigate to a Microsoft AD secret template:

  1. Go to Administration > Secret Server > Administration. The Secrets Administration page appears.

  2. In the Core Actions section, click Secret Templates. The Secret Templates page appears with a list of available templates.

  3. Click the Active Directory Account template name. That template’s page appears.

  4. Click the Mapping tab.

  5. You can now view or edit the RPC for the secret template. For more information, see Assigning a Password Changer to a Secret Template.