We are planning on using AD authentication for EM12c R2. However, the EM 12 documentation mentions the principal to be created in AD should belong to the Administrators group. They rightly question this requirement since it should never require anything more than a less restrictive read role in AD.
Has anyone had success in configuring AD with EM 12c R2 and if so, what are the real roles/privileges needed for this to work?
The principal doesn't necessarily need to be in the Administrators group as long as the principal has privileges to search for users and groups under the search base specified in user/group search base dn.