Hi Parallels Team, we have adjusted the permissions of various OUs in our Active Directory. After this change we get the following entries in the RAS logs: "Failed to get password expiration date for user "some_user" with error 0x8000500d" Is this error message questionable? Which user / group does RAS use to access AD user properties? I ask this question to adjust the OU permissions accordingly. Best regards Patrick
Dear Patrick, Please, use "View effective access" in OU Properties -> Security tab for "Authenticated users" where "Read", "List contents" & "Read all properties" + some specific Reads (custom permissions) are usually enabled by default. If you removed "Authenticated users" you can add the above permissions to "Authenticated users" for a particular OU. If you need more restrictions you can create an AD domain local group and add the PAs computer accounts to it and then delegate "Read all user information" permission to this group at OU level which will be applied for all descendant user objects. We never tested this but it should work.
Hi Alexey, I have created a new group for the PAs and assigned read permissions for the OUs. After a reboot of the Master PA, I did not receive the message anymore. Many thanks for your help ! Best regards Patrick