Configuring SCCM Connector with an Active Directory account

Discussion created by Dennis.Smith Employee on Dec 20, 2016

The username and password settings in the Snow Integration Manager connector for SCCM 2012 are for use with database account only, not for AD account to authenticating the database. In order to authenticate to the database with an AD account, one must use the Integrated Security option, which grays out the username and password fields and effectively ignores them. 



When using the Test button in configuration like this, the username and password entered in the grayed out fields are not used at all. Rather, the account logged on to Windows is used to authenticate on network and database. This may provide misleading results as connecting to and testing connection may work while the connector as a service will not connect. Mainly this is due to the fact that a domain admin account is used to log on to the Windows server to configure this, and this account have all permissions required. 


In order to correctly configure the SIM to use the AD account, one will need to update the logon account used by the SIM service. The actual service is called "Snow Inventory External Data Provider". In the properties of the service one needs to set the AD account as This Account in the Log On tab. Once  that is done, the service will use this account when the scheduled connector is running.  
NB: This AD Account needs to be in the local Administrators group, or else the service will not start. 



The only way to test that this account works, apart from seeing if the service succeed in connecting when scheduled, is to log on to the Windows server with the account. This may not be possible, since service account normally are not granted the logon permissions to the OS.