Summary

When adding new Windows accounts through Laserfiche Directory server, you might be prompted to enter domain credentials. This can occur even if the Directory Server service account has all the required permissions per Required Permissions for Enabling Active Directory Group Synchronization.

Cause

The credentials entered on the Identity Provider Settings page are used only for backend queries during processes like user authentication and Active Directory group synchronization. Those credentials are not used when performing interactive queries from the user interface. Directory Server caches query credentials once per browser session at this time. If you noticed a change in behavior and you did not recently upgrade your Laserfiche Directory Server version, there was mostly likely a change in IIS or browser settings.