Basically, you need 1 account with read-access to the active directory which is also local administrator on the managed devices and the core server. (you could break it down even further in a very secure site, but this configuration works in most cases best)
You configure this account in:
- The 2 Com+ components LANDesk created
- The LANDesk Scheduler Service tab under Configure - Services in the menubar of the LANDesk Console on the Core
- The Manage Active Directory Sources under Configure in the menubar of the LANDesk Console
What isn't working in your specific case?
I had been given an unused domain account that had read only access to Active Directory, but not local admin rights for the nodes. On the way to fixing that, via a support ticket request, I determined that the COM+ objects were using that same account. I reset all to an account with Domain Admin rights. I can now complete an Agent Deployment task, and not have the Sched Service stop. Thank you!
In addition to what Frank has provided. I would also include preferred server account. Also, I would consider a separate account for each function. The reason is that if the account gets locked out, only that function will stop. If you use one account and it gets locked out, you are screwed. Plus it makes it somewhat easier to troubleshoot some issues.
If you seperate out the accounts, be sure to add the scheduler service account as a LANDesk administrator and give it rights within the console. Certain functions act squirrly if you don't. (Copying to other cores, AutoSync, Unmanaged device discovery actions). Experienced this with 9.5 specifically.