Jump to content
Welcome to our new Citrix community!

Netscaler Administrator Bind DN account minimum rights

Recommended Posts

We have HA setup in ADC VPX (200) in production and up to 1000 users connecting daily. And users are able to update their passwords through the Web interface when their Password expire.

Our Netscaler Administrator Bind DN account is a domain admin account. I found this article about the minimum rights of that account. https://support.citrix.com/article/CTX108876.?_ga=2.105178304.2144571276.1556502958-200736019.1549935926 


Does it need to be a domain admin account or will it be safe to remove domain admin rights of that account and add the above mentioned permissions? I would like to plan this change in a manner there is no issues for the production users after the change.



Link to comment
Share on other sites

12 hours ago, Carl Stalhood1709151912 said:

Usually the bind account just needs to be a regular Domain User. No special permissions needed unless your AD team modified AD's default permissions.

Thanks Carl, Is that the only place(LDAP server connection settings) any AD account is used in the Netscaler VPX? Asking because I have to reset that password as well.

Link to comment
Share on other sites

4 minutes ago, Carl Stalhood1709151912 said:

You'd want a Bind account whose password doesn't expire.

Thanks Carl, It's currently set to "Password never expires" however after a recent audit it has come to our attention that this password needs to be changed and domain admin rights removed. So I will just have to change password in AD and remove domain admin rights and update it in Netscaler. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...