Groupsymmetry utilizes a proxy account to interact with storage and Directory Services. This account's password is lengthy, randomly-generated, and secured by the Groupsymmetry Engine, and is automatically regenerated each time the Engine service starts.
As such, it's important that any password policy applied to this service account adhere to the following guidelines:
- No minimum password age. The Engine password might be changed several times in a short period if the Engine restarts several times (as might happen during initial setup or when troubleshooting an issue.) Minimum password ages will cause errors in that scenario.
- No maximum character limit. This is a common cause of password issues for Groupsymmetry's proxy account. This account's password can be lengthy (30-80 characters) and should not be capped.
- Standard or strong complexity requirements. Groupsymmetry's proxy account passwords are generated in such a way that strict password complexity accounts should always be met.