In a single-domain environment, running Meridian’s AutoManager EDM Server service under a domain account as described in Understanding Active Directory security problems is sufficient—the service needs to be able to log on to the domain. We highly recommend that the domain account also be a member of the Meridian application server’s Administrators group.
When Meridian is installed in an Active Directory environment with multiple domains, for example, one user domain and one resource domain, some additional configuration is needed to allow the vault security to function correctly. The Meridian service account needs to be able to query the domain controller for the group memberships of users. A default installation of Active Directory allows these queries by including the built-in group Authenticated Users as a member of the built-in Pre-Windows 2000 Compatible Access group.
In order to allow access to users from remote domains (other than the domain where the Meridian application server resides), the Meridian application server must first be configured as described in Understanding Active Directory security problems. Additional configuration may be necessary as described in the following topics.
Related concepts
About Meridian support for Microsoft Active Directory
Understanding Active Directory security problems
Using Meridian with nested groups
Related tasks
Granting domain privileges with a service account
Granting domain privileges to the Meridian server
Granting membership query access
Configuring computer name resolution