- 1. Go to Administrative Tools, select Active Directory Users and Computers, and create a user for Airlock IAM (e.g. syskerb-airlock-a).
- 2. Configure the following settings on the user:
  - User cannot change password is enabled
  - Password never expires is enabled
  - Account is disabled is NOT enabled
  - This account supports Kerberos AES 256 bit encryption is enabled
Administrators wanting to create the user with PowerShell can use the following snippet:
```powershell
# Creates the Airlock IAM system user with the settings listed above.
function create_systemuser ($_systemuser_name, $_etype, $_systemuser_password){
    New-ADUser -Name ${_systemuser_name} `
        -Enabled $True `
        -CannotChangePassword $True `
        -PasswordNeverExpires $True `
        -KerberosEncryptionType ${_etype} `
        -AccountPassword (ConvertTo-SecureString "${_systemuser_password}" -asplaintext -force)
}

# Replace the placeholder with a strong password before running.
$systemuser_password = "STRONG_PASSWORD"
$encryption_type = "AES256"

create_systemuser "syskerb-airlock-a" `
    ${encryption_type} `
    ${systemuser_password}
```
As this is a very important user, a strong password is highly recommended!
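
To confirm that the account ended up with the four settings from step 2, the following added example (not part of the Airlock IAM documentation) reads the user back from Active Directory and reports each setting. The function name `Test-AirlockKerberosUser` is hypothetical, and the example assumes the ActiveDirectory PowerShell module is installed.

```powershell
# Added example: audits the system user against the settings listed in step 2.
# Test-AirlockKerberosUser is a hypothetical helper name.
Import-Module ActiveDirectory

function Test-AirlockKerberosUser {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName
    )

    # msDS-SupportedEncryptionTypes is the raw bit field behind the
    # "supports Kerberos AES 256 bit encryption" checkbox.
    $user = Get-ADUser -Identity $SamAccountName -Properties `
        CannotChangePassword, PasswordNeverExpires, 'msDS-SupportedEncryptionTypes'

    # An unset attribute is returned as $null, which casts to 0.
    $etypes = [int]$user.'msDS-SupportedEncryptionTypes'
    $aes256 = 0x10   # AES256-CTS-HMAC-SHA1-96 bit

    $checks = [ordered]@{
        'User cannot change password' = [bool]$user.CannotChangePassword
        'Password never expires'      = [bool]$user.PasswordNeverExpires
        'Account is not disabled'     = [bool]$user.Enabled
        'Kerberos AES 256 supported'  = (($etypes -band $aes256) -ne 0)
    }

    # One result object per setting, so deviations can be filtered or logged.
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Account   = $user.SamAccountName
            Setting   = $name
            Compliant = $checks[$name]
        }
    }
}

# List every setting, then fail loudly if any of them deviates.
$results = Test-AirlockKerberosUser -SamAccountName 'syskerb-airlock-a'
$results | Format-Table -AutoSize

$failed = @($results | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Error ("Settings not as required: " + ($failed.Setting -join ', '))
}
```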