Discover Active Directory Services and Scheduled Tasks

Use account discovery to manage credentials of multiple Windows services and scheduled tasks.
capam32
You can use account discovery to manage credentials of multiple Windows services and scheduled tasks. To configure discovery for AD required the combination of an AD target account and a windows Proxy or Windows remote account. Using the combination that you can discover and manage updates for any services and scheduled tasks that use the AD account. You do not have to update the password on an individual service or scheduled task basis.
Discovery of services and scheduled tasks that are associated with AD accounts is based on AD domains and groups.
To configure this feature, complete the following topics:
2
Complete the Prerequisites
Before you use service or scheduled task discovery, ensure that the following prerequisites are met:
  • The target server and Active Directory target application are configured.
  • A Windows Remote or Windows Proxy target application and administrative account is configured. You must use one of these accounts to discover the services and scheduled tasks.
  • If the Windows Remote or Windows Proxy target account is of Administrator account type, the account requires Administrator rights on the Windows server.
    If your target account is to be used as a service account (that is, it is to be used to rotate passwords of other target accounts), we recommend that you prevent this account from being able to login interactively. To do this, assign the following User Rights to the Windows account:
    • Deny log on locally
    • Deny log on through Remote Desktop Service
  • The administrative account to be used for discovery has been verified in Credential Manager.
Discover Services that Use AD Accounts
Use service discovery to speed the process of adding services that are associated with an Active Directory target account. Discovered services are typically added to synchronized accounts so Credential Manager can manage them.
Follow these steps:
  1. Select
    Credentials
    ,
    Manage Targets
    ,
    Accounts
    . The Target Accounts page appears.
  2. Select a Target Account of the Active Directory
    Application Type
    to use for service discovery. The account that you select must be
    Verified
    (with a checkmark in the Verified column).
  3. Select
    Update
    .
  4. Ensure that the data in the fields are specified according to your requirements.
  5. For Service discovery, select the
    Services
    tab.
  6. For
    Change Services Using
    , select the credentials to use for changing Services:
    • Change Process Credentials:
      Use the credentials for this AD account.
    • Proxy or Windows Remote Credentials:
      Use the credentials for the Proxy or Windows Remote selected in the next step.
  7. For
    Discover Services
    , select Windows Remote or Proxy:
    • Using Proxy:
      Select the
      Proxy Host
      from the drop-down list. Enter the
      Host to Search
      on which the services reside.
    • Using Windows Remote Credentials:
      Select the magnifying glass icon to select a target account that is an Administrator on the target server.
  8. For
    Login Using
    , select the credentials for logging in:
    • Change Process Credentials:
      Use the credentials for this AD account.
    • Proxy or Windows Remote Credentials:
      Use the credentials for the Proxy or Windows Remote selected in the previous step.
  9. Select the
    Discover Services
    button. The procedure returns a list of services for the account. The discovered services are added to the table on the Services tab.
  10. To allow Credential Manager account to start or restart a service, select its check box in the Restart column. To disallow this feature, clear the check box.
  11. Select
    OK
    if you want to update credentials for all the discovered services whenever the target account password changes.
To add a service to the account manually, follow these steps:
  1. Select the
    +
    icon in the Services table.
  2. In the new row, select a Proxy or Windows Remote Credential.
  3. Enter the
    Service Host
    on which the service resides, and enter the Service name.
  4. To allow Credential Manager account to start or restart a service, select its check box in the Restart column. To disallow this feature, clear the check box.
  5. Select
    OK
    if you want to update credentials for all the listed services whenever the target account password changes.
To remove any services that are not required, select the
X
delete icon corresponding to the service in the Services table. The deleted service retains its current login credentials and is not updated when the target account password changes.
Discover Scheduled Tasks that Use AD Accounts
Use scheduled tasks discovery to speed the process for adding the scheduled tasks that are associated with an Active Directory target account. Discovered scheduled tasks are typically added to synchronized accounts so Credential Manager can manage them.
Follow these steps:
  1. Select
    Credentials
    ,
    Manage Targets
    ,
    Accounts
    . The Target Accounts page appears.
  2. Select a Target Account of the Active Directory
    Application Type
    to use for Scheduled Tasks discovery. The account that you select must be
    Verified
    (with a checkmark in the Verified column).
  3. Select
    Update
    .
  4. Ensure that the data in the fields are specified according to your requirements.
  5. For Scheduled Tasks discovery, select the
    Scheduled Tasks
    tab.
  6. For Change
    Tasks
    Using, select the credentials to use for changing Scheduled Tasks:
    • Change Process Credentials:
      Use the credentials for this AD account.
    • Proxy or Windows Remote Credentials:
      Use the credentials for the Proxy or Windows Remote selected in the next step.
  7. For
    Discover Tasks
    , select Proxy. Select the
    Proxy Host
    from the drop-down list. Enter the
    Host to Search
    on which the tasks reside.
  8. For
    Login Using
    , select the credentials for logging in:
    • Change Process Credentials:
      Use the credentials for this AD account.
    • Proxy or Windows Remote Credentials:
      Use the credentials for the Proxy or Windows Remote selected in the previous step.
  9. Select the Discover
    Tasks
    button. The procedure returns a list of tasks for the account. The discovered tasks are added to the table on the Scheduled Tasks tab.
  10. Select
    OK
    if you want to update credentials for all the discovered scheduled tasks whenever the target account password changes.
To add a scheduled task to the account manually, follow these steps:
  1. Select the
    +
    icon in the Scheduled Tasks table.
  2. In the new row, select a Windows Remote Credential.
  3. Enter the
    Task Host
    on which the scheduled task resides, and enter the Task name.
  4. Select
    OK
    .
  5. Manually synchronize the task password with the account password.
To remove any scheduled tasks
: In the Scheduled Tasks tables, select the
X
(delete) icon corresponding to the task. The deleted scheduled task retains its current login credentials and is not updated when the target account password changes.
To discover Windows Proxy services and scheduled tasks for local accounts, see Register Windows Proxy Target Accounts.
To discover Windows Remote services and scheduled tasks for local accounts, see Configure Windows Remote Target Accounts.