Enable Full Delegation for the Kerberos Principal User Accounts in Active Directory
Create the keytab files using the ktpass command.
To use full delegation, you must enable delegation for all of the accounts you created, except for the LDAP bind user account that you use to access and search Active Directory during LDAP synchronization.
To enable full delegation, perform the following steps for each user account:
1. Right-click the user account and select Properties.
   The Properties dialog box appears.
2. On the Delegation tab, select Trust this user for delegation to any service (Kerberos only).
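
The same procedure can be applied and verified from PowerShell with the ActiveDirectory module. This is an added example, not part of the original documentation; the account names are constructed placeholders, and it assumes the RSAT ActiveDirectory module is installed and that you have rights to modify the accounts.

```powershell
# Added example: enable and verify full (unconstrained) delegation for the
# Kerberos principal accounts, leaving the LDAP bind account untouched.
Import-Module ActiveDirectory

# Hypothetical account names; replace with the accounts you created.
$principalAccounts = @('svc-infa-node01', 'svc-infa-http01', 'svc-infa-ldapbind')
$ldapBindAccount   = 'svc-infa-ldapbind'   # must NOT be trusted for delegation

# userAccountControl bit that the "Trust this user for delegation to any
# service (Kerberos only)" option sets (TRUSTED_FOR_DELEGATION).
$TrustedForDelegationBit = 0x80000

foreach ($name in $principalAccounts) {
    if ($name -eq $ldapBindAccount) {
        Write-Warning "$name is the LDAP bind account; skipping."
        continue
    }

    $user = Get-ADUser -Identity $name -Properties servicePrincipalName

    # The Delegation tab is shown only for accounts that have an SPN
    # registered, so an account without one has not been prepared yet.
    if (-not $user.servicePrincipalName) {
        Write-Warning "$name has no SPN; create its keytab with ktpass first."
        continue
    }

    Set-ADAccountControl -Identity $user -TrustedForDelegation $true

    # Re-read the account and confirm the flag is actually set.
    $after = Get-ADUser -Identity $name -Properties userAccountControl
    [pscustomobject]@{
        Account        = $name
        FullDelegation = ($after.userAccountControl -band $TrustedForDelegationBit) -ne 0
        SPNs           = $user.servicePrincipalName -join ', '
    }
}

# Audit: list every user account that carries the flag, so unexpected
# entries (for example the LDAP bind account) stand out.
Get-ADUser -Filter 'TrustedForDelegation -eq $true' -Properties servicePrincipalName |
    Select-Object SamAccountName, @{ n = 'SPNs'; e = { $_.servicePrincipalName -join ', ' } }
```

Running the audit query periodically gives you the set of accounts trusted for delegation to any service, which should match the accounts you enabled here and nothing else.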