Principle of least privilege on service account

Prajna Priyadarshini 6 Reputation points
2022-04-09T06:09:10.95+00:00

As part of the AD Password Protection implementation, a service account was created with domain admin permissions on AD and the Global Administrator role on Azure AD. These were the required permissions in order to run the PowerShell scripts on the proxy server.
Now I would like to demote the privilege on the service account in AD to support the principle of least privilege. I have updated the permission on Azure AD to the Security admin role and want to follow a similar approach on Active Directory too. Does anyone here know what to do?
Thank you


2 answers

  1. João Lucas F. Andreatta 6 Reputation points
    2022-04-09T19:22:16.537+00:00

    Congratulations, nice service. Successful!

    1 person found this answer helpful.

  2. Josh Wortz 76 Reputation points
    2022-04-09T16:21:39.637+00:00

    The account privileges of DA are only required for the initial installation of the agent. After it is installed, the service should run under the Local System.
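
One way to check the state described in the last answer before removing the account from Domain Admins. This is an added example, not part of either answer and not Microsoft's code. It assumes the service names `AzureADPasswordProtectionDCAgent` and `AzureADPasswordProtectionProxy` that Microsoft documents for the product, and `svc-aadpp` is a hypothetical placeholder for the install account.

```powershell
# Added example. Run on a DC (agent) or on the proxy server.
# Assumption: 'svc-aadpp' is a placeholder; pass the real install account.
function Test-PasswordProtectionPrivilege {
    param(
        [string[]]$ServiceName = @('AzureADPasswordProtectionDCAgent',
                                   'AzureADPasswordProtectionProxy'),
        [string]$InstallAccount = 'svc-aadpp',
        [string[]]$PrivilegedGroup = @('Domain Admins')
    )

    # 1. Which identity does each installed service log on as?
    #    Expected value (LocalSystem) is taken from the answer above.
    foreach ($name in $ServiceName) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        if (-not $svc) { continue }          # service not installed on this host
        [pscustomobject]@{
            Check    = "Logon account of $name"
            Observed = $svc.StartName
            Expected = 'LocalSystem'
            Pass     = $svc.StartName -eq 'LocalSystem'
        }
    }

    # 2. Is the install account still a direct or nested member of a
    #    privileged group? Skipped when the AD module (RSAT) is absent.
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) { return }
    Import-Module ActiveDirectory
    foreach ($group in $PrivilegedGroup) {
        $members  = Get-ADGroupMember -Identity $group -Recursive
        $isMember = [bool]($members.SamAccountName -contains $InstallAccount)
        [pscustomobject]@{
            Check    = "$InstallAccount member of $group"
            Observed = $isMember
            Expected = $false
            Pass     = -not $isMember
        }
    }
}

Test-PasswordProtectionPrivilege | Format-Table -AutoSize
```

A service row with `Pass = False` means that service still logs on as something other than Local System, so group membership should not be removed until that is understood.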