Service Account Management
The Service Account Manager serves three purposes. It allows you to:
-
Create new accounts with random passwords.
-
Use existing AD accounts as Unified ICM service accounts.
-
Provide an interface to modify Unified ICM service account passwords.
The following diagram illustrates the basic workflow of the Service Account Manager.
Other Considerations
Permissions
You must have the correct privileges to create or modify the accounts in the domain. Typically, a Domain User with local administrator privilaege performs this task.
Domain Restriction
The service account must be in the same domain as the Unified ICM server and also the UPN login name of the Service When choosing an existing account, the account user should be same as NETBIOS pre-windows 2000 login name (SAM Account Name).
Special Case: If the distributor service Account and logger service account is different then add distributor service account in logger.
AD Update Failures
If the Service Account Manager finds that a service is running, it first requests your permission; if you approve, it stops the service. If you choose not to stop the service, the Service Account Manager does not modify the service account information. If the Service Account Manager explicitly stopped the service before you edit the account information, it automatically starts the service. If the Service Account Manager fails to update the account in AD, due to either a noncompliant password policy or any connectivity error, the Service Account Manager warns you and logs the error. At that point, you can choose to fix the problem and retry, or cancel.
Logging
The application maintains its own log file, when you invoke it as a standalone application. If you invoke it through the Web Setup tool, logs write to the Websetup log files only.
Service Account Memberships Setup for CICM Replication
When the application is invoked from the standalone NAM's Logger servers (sides A and B), the command line is as follows:
ServiceAccountManager
/SrcInstance<InstanceName>
/DestDomain<DomainName>
/DestFacility<FacilityName>
/DestInstance<InstanceName>