Skip to main content

Hello,
Please, how do I synchronize user accounts in the domain to managed accounts? To have visibility of all user accounts and rotate the password if necessary.

 

 

When you say user accounts, are you referring to privileged accounts or standard user accounts?

You can use directory queries and smart rules to automatically onboard the privileged accounts and enable password rotation.


@Prudhvi Keertipati 

 

Hello Prudhvi,

These would be for both types of privileged accounts and standard user accounts. Do you have any sample templates, if possible, for this automatic integration? Thank you very much.


@Carlos Mendonça I don't have any sample templates that I can share, below are the few articles you can refer to.

Never add standard user accounts as managed accounts, only privileged accounts should be added as managed accounts.

Don't add all user accounts from AD to managed accounts. Instead use the filtering in directory queries and add those accounts which are in-scope of privilege access management.

 

BeyondInsight / Password Safe - Directory Queries for Password Safe - How to use the advanced filter - How to exclude objects

Smart Rules in Password Safe

BeyondInsight / Password Safe - Password Safe example Smart Rules that become Smart Groups


Based on your initial question, you will need to “map” standard user accounts to their privileged accounts at some point. Here is a helpful KB article (with video) that explains this process. 

https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0017035


Reply