How many domain accounts do you need for ArcGIS Enterprise?

568
4
Jump to solution
02-07-2018 06:50 AM
MichaelSchoelen
Occasional Contributor III

We have a distributed deployment consisting of 5 machines:

  • Portal with WA
  • Hosting Server with WA and Data Store
  • GIS Server 1
  • GIS Server 2
  • GIS Server 3

One method would be to create domain accounts for the Portal for ArcGIS Account, and then a seperate ArcGIS Server account for each of the four server machines. This would result in 5 domain accounts that act to maintain the machines.

If I create one domain account that can access all of these elements, would there be any consequence (i.e. DOMAIN\arcgis)? Ultimately, the Servers get federated with the portal, if that makes any difference. 

Likewise, can I do something similar with the site administrator accounts, ultimately leaving us with two accounts to maintain (one for server/portal accounts, one for initial administration).

1 Solution

Accepted Solutions
JakeSkinner
Esri Esteemed Contributor

Hi Michael,

You will not run into any issues with a single domain account.  This is the recommended approach.  Also, you will not run into any issues using the same username/password for the built-in administrator accounts.

View solution in original post

4 Replies
JakeSkinner
Esri Esteemed Contributor

Hi Michael,

You will not run into any issues with a single domain account.  This is the recommended approach.  Also, you will not run into any issues using the same username/password for the built-in administrator accounts.

RebeccaStrauch__GISP
MVP Esteemed Contributor

I agree with Jake, it does not cause any issues (or didn't for us in the past).  However, our network services installed our new 10.5.1 install and created a new domain service account for each server software and assigned a different PSA account for each. I think it will work, but also will make things a bit more difficult since it is a lot more accounts and passwords to remember, and I don't think it gains anything (especially the internal software PSA accounts).

Also, my custom tools that make connections and tokens behind the scenes will take more work (i.e. need to figure out how to fix if they don't give me the PSA passwords...and I don't want to hardcode my user/pass, etc into my settings file).  Still working on this.  (I just was handed the machines yesterday afternoon, fwiw).

My opinion.

MichaelSchoelen
Occasional Contributor III

Just to clarify, are you suggesting we could go down to one account that manages the servers AND acts as an administrative account?
Or are you saying we can go down to one service account AND one administrative account?

0 Kudos
JakeSkinner
Esri Esteemed Contributor

You will use one service account AND one administrative account. The administrative account will be a built-in user account only known to Portal and ArcGIS Server.  It is not and cannot be a domain or windows account.