If you want your jobs to be executed only by an AD account, use an Automation Principal.
Can you clarify what accounts you are talking about here? You need to remove the BSA user login accounts ('SRP accounts') from the BladeLogic database and ensure that your users are logging in using AD-enabled accounts?
Or you are trying to remove the local accounts on the target servers that you manage w/ BSA? E.g. the BladeLogicRSCD account - and want to make sure that you are using a domain account to communicate w/ your target servers?
I'm not fully understanding your question. BSA installation with SRP means all BSA users/passwords are stored in the BSA database.
You state that "AD is installed and provisioned with new domain usernames. All native windows user accounts require to be deleted across the network. What changes require to be done on RSCD accounts?"
If I'm understanding this correctly, nothing. Your BSA users and passwords are still stored in BSA. In Windows the RSCD Agent maps to a local administrator account, not any local user accounts. So removing local user accounts wouldn't impact BSA.
If your scenario is something different, please elaborate. As Siddu stated, if you don't want to map to a local administrator account, you can use a domain service account. In BSA that's called an Automation Principal.
As far as BSA users within BSA, you can set the password to expire after a certain amount of days.
There will be no local administrator or any local user account. So, the only option left is to use a domain service account.
AD will not allow any user login account on any server.
We are trying to remove the local accounts on the target servers that we manage w/ BSA, e.g. the BladeLogicRSCD account - and want to make sure that we are using a domain account to communicate w/ our target servers.
Gyan - then you want to use an Automation Principal. Under RBAC Manager create a new AP, give it a Name and fill in the principal ID (account name), domain and password of the service account you're going to use.
Then in your Roles, open your Role(s) and select the Agent ACL tab. Under Platform select the WINDOWS tab. Under Automation Principal select Map to and in the drop-down menu select the AP you created.
Depending on how you're using your users.local file, you may or may not have to run an ACL Push Job to your servers to populate the users file.
Yes - you need to use the AP. After you have the servers working w/ the AP you can use the 'chapw -d' command to remove the local BladeLogicRSCD accounts from your servers.