Service Manager 2012 R2 and needed accounts

Wednesday, August 19, 2015 in System Center
There seems to be a little confusion out there about which accounts Service Manager needs and what purpose each one serves. I created two tables to explain the two sets of accounts: the first covers the service accounts, and the second covers the connector accounts. Both tables list the least permissions, as I see it, for each account.

Service Accounts

| Sample Account Name | Purpose | Description |
|---|---|---|
| SCSM Admins (Group) | Management Group Admins | Account used to run setup must be able to add users to this group |
| SA | SCSM Service Account | Local admin on SCSM Servers and must be the same account on MS and DW Server |
| RA | Reporting Account | Granted rights in SQL during SCSM setup |
| AS | SQL Analysis Services Account | Granted rights in SQL during install |
| WF | Workflow Account | Normal user account – needs mailbox and send permissions for notifications. Manually add this account to SM Admins if not present after install. |

Connector Accounts

| Sample Account Name | Purpose | Permissions |
|---|---|---|
| AD | AD Connector Account | AD Read; Advanced Operator in SM |
| OM CI | Ops Manager CI Connector Account | Domain Account; Member of Users local group on the MS; Must be a SCOM Operator |
| OM AL | Ops Manager Alert Connector | Domain Account; Member of the local users security group on the SM MS; Must be a SCOM Admin |
| CM | SCCM Connector Account | Member of the smsdbrole_extract and db_datareader on the SCCM DB; Advanced Operator in SM |
| SCO | Orchestrator Connector Account | Read Properties, List Contents and Publish Permissions to the root Runbook folder and all child objects (via Runbook Designer) |
| VMM | VMM Connector Account | SCVMM Admin; Local admin on VMM Server; SCSM Advanced Operator |

I hope this helps someone else demystify these accounts and create some best practices around them.

