Skip to main content

Changing the Active Directory OU Where Users Get Created

Summary

The Active Directory OU where Netwrix Privilege Secure users get created can be customized by modifying the appsettings.json file in the product's ProgramData directory.

Instructions

  1. Open the following file in Notepad. (The drive letter may differ depending on your installation.)

    C:\ProgramData\Stealthbits\PAM\WebService\appsettings.json

  2. Locate and change the following value. If a ManagedOUs setting does not exist, add it prior to the final closing brace and append a comma to the preceding line:

    "ManagedOUs": {
        "Users": "SbPAM Users"
    }

  3. Example: if the desired OU's Distinguished Name (DN) is “OU=Prod,OU=PAM,OU=SbPAM Users,DC=lab,DC=local”, change "SbPAM Users" in the example above to "Prod,OU=PAM,OU=SbPAM Users".

    NOTE: The leading OU= and trailing DC= segments are dropped.

    After the change, the setting will look like this:

    "ManagedOUs": {
        "Users": "Prod,OU=PAM,OU=SbPAM Users"
    }

  4. Save the appsettings.json file.

After this change, users created or managed by Netwrix Privilege Secure will be created or managed in the newly specified Active Directory OU.

NOTE: Activities that are run with Managed login accounts, and were run before this configuration change was made, may still create user account objects in the SbPAM Users OU. To circumvent this behavior, change the Login Account Template on the activity. This will prevent the activity from referencing any historical Postgres data referring to the SbPAM Users OU.