Hyperfish Active Directory Service Account Creation

Justin Tung -

Note: Applies to Hyperfish hybrid (on-premises AD) deployments only

The service account operating the Hyperfish Service needs read/write permissions to target Active Directory Organizational Units (OUs). Hyperfish encourages a least-privilege approach, granting granular permissions for the Active Directory user object(s) that Hyperfish is required to modify.

To delegate permissions for the service account from Active Directory Users and Computers:

1   Right click on the target AD container and select ‘Delegate Control’

2   Select the designated Hyperfish service account

3   Choose ‘create a custom task’

4   Select to Delegate control of ‘Only the following objects…’ and select ‘User objects’

5   Select the following general permissions, then Click ‘Next’ and then ‘Finish’

  • Read and write phone and mail options
  • Read and write general information
  • Read and write personal information
  • Read and write public information
  • Read and write web information 
Have more questions? Submit a request


Please sign in to leave a comment.