I have two Western Digital My Cloud EX 4100 NAS devices within my company's network that are both added to Active Directory.
These drives require that an Active Directory account and password be used so that they can query Active Directory.
Using the principal of assigning the minimum rights what privileges do I need to assign to the Active Directory account that will be used by these two Western Digital NAS devices to query Active Directory?
For obvious reasons I don't want to use the domain administrator account or an account that has domain administrator rights for this if possible.
It appears that these NAS devices actually store the Active Directory account username and password that is used for interacting with Active Directory. This is an obvious security risk compared to simply using the domain administrator username and password once for adding a computer to an Active Directory domain (see the screenshot).
We are using a Server 2016 Active Directory environment.
Attached is the owner's manual for this NAS.
Please let me know if any further information is needed.