userName

This element specifies the name of the user account to use when accessing Active Directory to lookup users and their group membership. The named account requires only sufficient privileges to lookup users and list their group memberships - it does not require any privileges to modify Active Directory records. If this element is present, then the password element should also be provided to give the password for the user account to be used. If this element is omitted, the connection will be made to Active Directory using the identity of the Web3 application (either the Web3 web service app pool user or the Web3 windows service user).

This element is a child of the adRoleProvider element.

Note: We do not recommend using an account configured through the userName and password elements in the configuration file as this exposes a password in plain-text. Instead we recommend ensuring that the user accounts used to run the Web3 web application pool and Web3 windows services should be granted sufficient privileges in Active Directory to search for users and list their group membership.