Creating a Service Account that will access WMI / LDAP information
Hello, I currently am using my Domain Admin account to run a scheduled task. The scheduled task is a VB Script that accesses WMI information and LDAP information from a few Domain Controllers and Servers. How would I set up a service account with the appropriate permissions to access this information on each DC and member server? I'd like to stop using my Domain Admin account for the scheduled task. If you would like me to post the VB Code to see it more closely, let me know. Thanks.
August 6th, 2008 5:22pm

I'd suggest simply creating a dedicated AD account for use with this scheduled process, and not assigning that account to ANY groups. Run it and see if it works or not. Depending on your specific AD configuration, normal Domain User accounts may or may not have the rights to read the objects/attributes you are querying via LDAP queries. The simplest way to test that is just a little trial and error.
August 6th, 2008 7:43pm

I tried creating a simple user account, "secmanager," (no groups, just "Domain Users") and the script didn't run as scheduled. The script/scheduled is supposed to run on the Exchange Server. The new user doesn't work. The main problem is standard users in the company have the password policy applied to the "Users" OU. We have an OU for "service accounts" that doesn't have the password policy applied to the OU. Plus, if it should ever happen, I no longer work for the company, I'm sure my boss would like this scheduled task to continue and run.
August 6th, 2008 7:52pm

Hi Eric, Yep, you need to do some trial and error. Try this: All users have read-only access to Active Directory, so a normal user can access LDAP information if you are not doing any modification. For WMI, try adding the user into the local admin group for the particular server where you are running the script and on the server where the script is going to access WMI.
August 6th, 2008 8:14pm

Hi Amit, It didn't work. I put "secmanager" in the Administrators (Built-in\Administrators on DCs) group on each machine that it pulls WMI information from. Script Error Message: [800A0046]: Permission denied: 'GetObject' on 'WinMgmts://%computername%/root/cimv2. Check the permissions and availability of the remote node.'
August 6th, 2008 10:05pm

Hi Eric, Please post the issue in related newsgroup to get relevant help. http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windows.server.general&cat=en_US_9741c575-ec92-42f8-85ba-00dfe1483cf5&lang=en&cr=US Thanks for your understanding. Regards, Xiu
August 8th, 2008 6:37am

This topic is archived. No further replies will be accepted.
