Service Account Permissions

To connect an Active Directory identity store to a domain, you must use a service account with elevated privileges. You can also use a Group Managed Service Account (gMSA) for this purpose.

See the following topics for details on these accounts:

• Service Account for Active Directory and Exchange
• gMSA for Active Directory