Similar to how Vault works with databases and cloud providers, the Active Directory secrets engine dynamically generates the account and password for the requesting Vault client.
The Active Directory secrets engine rotates Active Directory passwords dynamically. It does not, however, dynamically generate the AD account. The AD account must exist prior to configuring it in Vault. If it does not, the configuration will fail, stating that the account doesn't exist.