10.2.13.5.2.1. Create system user
  1. Go to Administrative Tools, select Active Directory Users and Computers and create a user for Airlock IAM (e.g. syskerb-airlock-a).
  2. Configure the following settings on the user:
     • User cannot change password is enabled
     • Password never expires is enabled
     • Account is disabled is NOT enabled
     • This account supports Kerberos AES 256 bit encryption is enabled

Administrators wanting to create the user with PowerShell can use the following snippet:

# Requires the ActiveDirectory PowerShell module
Import-Module ActiveDirectory

# Creates the Kerberos system user with the settings listed above
function create_systemuser ($_systemuser_name, $_etype, $_systemuser_password){
    New-ADUser -Name ${_systemuser_name} `
        -Enabled $True `
        -CannotChangePassword $True `
        -PasswordNeverExpires $True `
        -KerberosEncryptionType ${_etype} `
        -AccountPassword (ConvertTo-SecureString "${_systemuser_password}" -AsPlainText -Force)
}

# Placeholder: replace with a strong password
$systemuser_password = "STRONG_PASSWORD"
$encryption_type = "AES256"

create_systemuser "syskerb-airlock-a" `
   ${encryption_type} `
   ${systemuser_password}

As this is a very important user, a strong password is highly recommended!
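
To confirm that the account ended up with the four settings from step 2, the following added example (not part of the Airlock IAM documentation) checks an account object against them. Test-KerberosSystemUser is a hypothetical helper name and the sample object is constructed; the property names are those returned by Get-ADUser.

```powershell
# Added example: checks an account object against the four settings from step 2.
# Test-KerberosSystemUser is a hypothetical helper name, not an Airlock IAM or AD cmdlet.
function Test-KerberosSystemUser {
    param([Parameter(Mandatory)] $User)

    # Bit for AES256-CTS-HMAC-SHA1-96 in the msDS-SupportedEncryptionTypes attribute
    $AES256 = 0x10
    $etypes = [int]$User.'msDS-SupportedEncryptionTypes'   # unset attribute becomes 0

    $checks = [ordered]@{
        'User cannot change password' = [bool]$User.CannotChangePassword
        'Password never expires'      = [bool]$User.PasswordNeverExpires
        'Account is not disabled'     = [bool]$User.Enabled
        'Kerberos AES 256 is enabled' = (($etypes -band $AES256) -ne 0)
    }

    # One result row per setting so that a failed setting is easy to spot
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Setting = $name; Ok = $checks[$name] }
    }
}

# Constructed sample standing in for Get-ADUser output.
# msDS-SupportedEncryptionTypes = 0x4 means only RC4 is set on this sample account.
$sample = [pscustomobject]@{
    SamAccountName                  = 'syskerb-airlock-a'
    CannotChangePassword            = $true
    PasswordNeverExpires            = $true
    Enabled                         = $true
    'msDS-SupportedEncryptionTypes' = 0x4
}
Test-KerberosSystemUser -User $sample | Format-Table -AutoSize

# Against a real directory (requires the ActiveDirectory module):
# $u = Get-ADUser -Identity 'syskerb-airlock-a' -Properties CannotChangePassword,
#          PasswordNeverExpires, Enabled, 'msDS-SupportedEncryptionTypes'
# Test-KerberosSystemUser -User $u | Format-Table -AutoSize
```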