Use a Managed Account as a Credential

You can use a managed account for the credential when you are configuring queries and user groups for Active Directory and LDAP.

You cannot delete a managed account if it is used as a credential for a user group. You can delete a managed account used as a credential for a directory query; however, the query will no longer run. You must select another credential for the query to run again.

For more information on managed account settings, please see Add a Managed System Manually.

Configure the Managed Account

Before you configure the query or group, the managed account must be in place and specific settings must be selected.

When you configure the managed account settings, be sure to select the Allow this account to be used in BeyondInsight and Directory Queries option.

If there are several managed accounts organized in a Smart Group, select Enable Accounts for AD/LDAP queries in the Smart Rule.


Disable the Change Password After Release option on the managed account, because log files can grow significantly in a short time when using managed account credentials with a directory query.

Configure the Query

Active Directory and LDAP queries can use a managed account as a credential.

An Active Directory or LDAP group can use a managed account as the credential. When you create the group, the managed account is listed as a credential.

For more information on creating directory queries, please see Create a Directory Query.