Using a Bind user account with a non-expiring password is recommended. The Bind user must have the following permissions in Active Directory to grant access to user and group objects:
If you plan to convert the Other directory to Active Directory over Integrated Windows Authentication. This requirement applies to the following cases.
To use some features, you must join the Windows server to the domain, install the VMware Identity Manager connector as a domain user that is part of the administrator group on the Windows server, and choose to run the IDM Connector service as a Windows domain user.