All operations performed via an Adaxes service in an AD domain are executed using the account specified during registration of this domain with the Adaxes service. So, the logon account of the managed domain should have administrative permissions within the domain to enable sufficient access to it.

Due to such model, any user from a managed domain can work with another managed domain via an Adaxes service even if no trust relationship is established between these domains. In this case, the service uses the domain logon information to enable user access to this domain. User access is restricted by Security Roles assigned to users and groups. When a user performs operations using an Adaxes service, this service checks permissions assigned to this user through Security Roles and if the user is allowed to do it, fulfills such operations using the domain logon information.

The logon account information is held locally in a secure storage on an Adaxes service computer. When Adaxes services share their configuration, this information is not shared and must be provided for every service individually.