It is necessary to dedicate a new container in the Active Directory domain to create new system data.

You can use a container or organization unit (OU) as the directory. The system directory might reside in the domain root folder or in a container of any nesting level.

System data is the container that comprises a number of sub-containers. The latter are to store all the system data.

You have to create a service account and give it full access to the system data container and all of its child elements in order for the system to work with the data storage.

The account named IndeedDataUser is created as an example. Screenshots below demonstrate the configuration process for this account.


  1. Open the “Security” tab in the properties of the selected object.
  2. Add the created service account to the “Groups or user names”.

  3. In the "Permissions for IndeedDataUser” window select “Full control” and click “Advanced” button.
  4. Select your account in the “Permission entries” window and click “Edit”.
  5. Set the "Applies to" parameter to “This object and all descendant objects”.


  • No labels