Hello,
might be, anyone can help here. Whyever, ADM will use NTLM to migrate accounts between the domain (Intra Forest). Because we've seen, that the accounts for example for DSA to migrate SIDHistory will not only use NTLM, this account will also be used from the console to authenticate the console user (for example by browsing OUs).
I there any chance to switch to Kerberos? NTLM contains some security issues and if I use the account for whatever reason on the console mmachine, then the password hash will be stored there and a "unfriendly user" can use These high-previlaged account for whatever reasons (to read the hash, it is a simple exercise).
As long we asked Dell, there we got the information that this should work and there might be a work around to use Kerberos. But we dont find any additional information. I cannot imagine, that this will not work - it is a required security feature for such a critical tool, where I ned to use administrative accounts (Dell recommends Enterprise Admin!!!). But a clear message is missing.