Our auditors are having a fit about the dcdadmin and unityinstall accounts having
root access. They unityinstall account isn't an issue, I can just disable it until it's needed but the dcdadmin
account I'm not too sure of.
The way I understand it is it's used to write info into AD from CM for users. Is that correct? If so are we able to just give it access to certain attributes and not the entire AD? Is there a document out there that explains what accounts are required for a CM install, what they are used for, and what premissions they need?